Skip to main content
Pre-release — contact your Fortary account team for access.
A scope is a permission attached to an API key that controls what the key can do. You choose a key’s scopes when you create it, and they can’t be widened beyond the owner’s own authority. See Authorization for how scopes combine with roles and the vault allowlist.

Scopes in v1

The v1 API is read-only, and it has a single scope:
ScopeGrants
vault:readRead access to vaults and their sub-resources — balances, transactions, and addresses — plus the networks and assets endpoints.
Scope names follow a resource:action pattern. As write capabilities are added in future versions, new scopes (for example, an action on transactions) will follow the same pattern — but vault:read is the only scope available in v1.
Managing keys themselves — creating, listing, or revoking them — is not an API scope. Those actions are performed by a signed-in user in the Fortary portal, never by an API credential. See Authentication.

Scopes versus the vault allowlist

Scopes and the vault allowlist answer two different questions, and a key carries both:
  • Scopewhat the key can do (e.g. read).
  • Vault allowlistwhich vaults the key can do it to.
For example, a key with vault:read and an allowlist of two vaults can read those two vaults and nothing else. Narrowing either one narrows the key’s reach; neither can grant access the owning user doesn’t already have.