This article outlines the specific permissions (scopes) Accord requires to connect to Salesforce and what each does.
Key Takeaways
Accord requires the following scopes
- Access the identity URL service (id, profile, email, address, phone)
- Manage user data via APIs (api)
- Manage user data via Web browsers (web)
- Perform requests at any time (refresh_token, offline_access)
Overview
When authorizing Accord to connect with your Salesforce instance, you'll be presented with a list of permissions, also known as scopes.
We have done our best to limit the amount of scopes and only require the bare minimum. Each scope is described below.
Note: these scopes should be turned on by default for most Salesforce users.
Scopes
Access the identity URL service (id, profile, email, address, phone)
- What it does: This scope grants Accord access to basic information about your Salesforce users, including their unique user ID, profile details, email address, etc.
Manage user data via APIs (api)
- What it does: This core scope allows Accord to interact with Salesforce data programmatically using Salesforce APIs.
Manage user data via Web browsers (web)
- What it does: This scope enables Accord to interact with Salesforce data when a user is actively logged into a web browser.
Perform requests at any time (refresh_token, offline_access)
- What it does: A refresh token allows Accord to obtain new access tokens without requiring the user to explicitly re-auth the application each time the initial access token expires.
Reference: For more detailed information about OAuth scopes in Salesforce, you can refer to the official Salesforce documentation: