For further improving security, you can limit your OAuth application to only be enabled to access data within certain scopes.
When integrating with the Silverfin API, it's essential to exercise caution and only enable the API scopes you genuinely require for your application's functionality. Enabling unnecessary scopes can pose security risks and potentially expose sensitive data.
Scopes
We currently support the following scopes:
administration:readadministration:writecommunication:readcommunication:writefinancials:readfinancials:writefinancials:transactions:readfinancials:transactions:writelinkspermanent_documents:readpermanent_documents:writeuser:emailuser:firmuser:profilewebhooksworkflows:readworkflows:write
Scoping questions
| Example of required data | Scope(s) |
|---|---|
| Do you require to retrieve user details on the user that authorised the API? | user:email, user:profile |
| Do you require to retrieve the details from the firm of the user? | user:firm |
| Will you be fetching data from users within Silverfin via the API? | administration:read |
| Will you be managing users within Silverfin via the API (create, modify or deactivate)? | administration:write |
| Will you be fetching data from companies in Silverfin? | administration:read |
| Will you be managing companies in Silverfin (create, modify, archive)? | administration:write |
| Does your project involve fetching data regarding the periods of a specific company? | administration:read, financials:read, communication:read |
| Will you be fetching data from either one of these template types: reconciliations, permanent_texts, reports, accounts, adjustments? | financials:read |
| Will you be pushing data to these templates? | financials:write |
| Will you fetch data or read the status from the used workflows? | workflows:read |
| Will you be managing workflows in Silverfin with the API (add, archive, re-activate)? | workflows:write |
| Does the application need to be able to access documents in a specific company? | permanent_documents:read |
| Will you be uploading / downloading documents and creating folder structures in Silverfin? | permanent_documents:write |
| In order to limit the amount of poll requests, will you pick up events through webhooks? | webhooks |
| Do you intend to send requests to your platform via user actions? | links |
| Are you intending to read out the Silverfin communication? | communication:read |
| Will you create new communication notes in Silverfin (remarks, comments, to-do’s) ? | communication:write |