Skip to main content

What Are Scopes?

Scopes define the specific actions and resources that a token can access. They follow a pattern of action:resource and represent granular permissions in the Parchment API.

Available Scopes

Below are the common scopes used in the Parchment partner API:
ScopeDescriptionStatus
create:patientCreate new patient recordsLive
read:patient_prescriptionView patient prescription dataLive
read:patientView patient informationComing Soon
update:patientUpdate existing patient recordsComing Soon
create:userCreate new user accountsLive
read:userView user informationLive
read:usersView usersLive
update:userUpdate existing user accountsComing Soon
delete:userDelete user accountsComing Soon
When generating a token, you can request specific scopes from the allowed set: 
{
  "grantType": "client_credentials",
  "scope": ["read:patient_prescription"]
}

Scope Intersection

When requesting scopes for a token, the system performs an intersection between:
  1. The requested scopes in the token generation call
  2. The allowed scopes configured for the organization
This means a token will only receive scopes that are both requested AND allowed.

Best Practices for Scopes

  1. Least Privilege: Request only the scopes you need for your specific operation
  2. Scope Separation: Generate different tokens for different operations rather than requesting all scopes at once

Managing Scope Changes

As your integration evolves, you may need access to additional scopes. Contact Parchment support to update the allowed scopes for your organization. Once updated, you can request the new scopes when generating tokens.