When generating an access token, your application must indicate the necessary scopes based on the specific endpoints it needs to access. These endpoints are organised by module, making it easier to determine the necessary scopes. With reference to this API documentation, the following scopes are necessary to access the endpoints listed under each section header:

Accounts: accounts
Library: library
Inventory: inventory
Procurement: procurement
Sales: sales
Media: media

🚧
User permissions also play a role when determining access.
For user-generated tokens, the permissions of the user that generated it also limit its actions via the API.
If the user that generated the token does not have the permission to edit recipes, for example, an application that has the library scope will still not be able to edit recipes when using a token generated by that user.
This does not apply to tokens generated for third parties from the user interface.

Additional information for partners

For partners who do not implement a login flow, they can provide their users with the ability to add the external application to their libraries. This allows users to generate tokens for the application directly from the user interface.

When users add your application to their libraries, they are also prompted for the required scopes:

Make sure that the users generating your tokens are also aware of the scopes they need to select in this prompt for your application to work.