Token Scopes (Organization vs Customer)
API tokens can optionally be created with a Customer Scope:
- Organization-wide token: can read/modify resources across all customers of the organization.
- Customer-scoped token: can only read/modify resources (websites, maintenance windows, etc.) within that specific customer.
Customer-scoped tokens are recommended for agencies and external integrations. Requests outside the scope return 403 Forbidden.
Note: Session-based authentication (cookies) is used for the web interface but is not recommended for integrations.