Skip to main content

Overview

Your API key is granted a set of scopes at onboarding. Each API endpoint requires a specific scope — calls made without the required scope return 403 Forbidden.

Required Scopes for Journey Integration

A standard journey integration requires the following scopes:

leads:create

Required for: Starting a journeyPOST /api/v1/partner/journey/initiate

offers:select

Required for: Submitting customer actions and signalling redirect-returnedPOST /journey/{id}/action and /redirect-returned

leads:status:read

Required for: Reading journey and application statusGET /journey/{id} and GET /leads/{id}/status

products:read

Required for: Listing the products enabled for your keyGET /api/v1/partner/products

Optional Scopes

Allows you to create, update, and delete webhook subscriptions for real-time status notifications. Useful if you prefer push over polling.
Allows you to list your applications with pagination. Returns metadata only — no raw PII is ever returned.GET /api/v1/partner/leads?page=1&limit=20

Scope Reference Table

ScopeRequired ForEndpoint
leads:createStart a journeyPOST /journey/initiate
offers:selectSubmit actions & redirect-returnedPOST /journey/{id}/action
leads:status:readRead journey/application statusGET /journey/{id}, GET /leads/{id}/status
products:readList enabled productsGET /products
webhooks:manageManage webhook subscriptionsWebhook endpoints
leads:readList applicationsGET /leads

Scope Errors

If your API key lacks the required scope for an endpoint, you will receive:
{
  "success": false,
  "error": "Forbidden — missing required scope"
}
A 403 response can also mean: the product is not in your productAccess list, or your key has been suspended or revoked. Contact your EasyCred onboarding manager to review your key’s permissions.