Overview
Your API key is granted a set of scopes at onboarding. Each API endpoint requires a specific scope — calls made without the required scope return403 Forbidden.
Required Scopes for Journey Integration
A standard journey integration requires the following scopes:leads:create
Required for: Starting a journey
POST /api/v1/partner/journey/initiateoffers:select
Required for: Submitting customer actions and signalling redirect-returned
POST /journey/{id}/action and /redirect-returnedleads:status:read
Required for: Reading journey and application status
GET /journey/{id} and GET /leads/{id}/statusproducts:read
Required for: Listing the products enabled for your key
GET /api/v1/partner/productsOptional Scopes
webhooks:manage
webhooks:manage
Allows you to create, update, and delete webhook subscriptions for real-time status notifications. Useful if you prefer push over polling.
leads:read
leads:read
Allows you to list your applications with pagination. Returns metadata only — no raw PII is ever returned.
GET /api/v1/partner/leads?page=1&limit=20Scope Reference Table
| Scope | Required For | Endpoint |
|---|---|---|
leads:create | Start a journey | POST /journey/initiate |
offers:select | Submit actions & redirect-returned | POST /journey/{id}/action |
leads:status:read | Read journey/application status | GET /journey/{id}, GET /leads/{id}/status |
products:read | List enabled products | GET /products |
webhooks:manage | Manage webhook subscriptions | Webhook endpoints |
leads:read | List applications | GET /leads |
Scope Errors
If your API key lacks the required scope for an endpoint, you will receive:A
403 response can also mean: the product is not in your productAccess list, or your key has been suspended or revoked. Contact your EasyCred onboarding manager to review your key’s permissions.