The following scopes may be requested by the API Application:
Allows the API application to read global information about the organizational structure.
Allows the API application to add new and update existing information within the subscription.
Allows the API application to perform just about every action on behalf of the subscription.
Allows the API application read-only access to the user's personal schedule and assignments.
Allows the API application to fully manage the user's personal schedule and assignments.
Allows the API application read-only access to the user's personal account information and settings.
Allows the API application to fully manage the user's personal account information and settings.
[Based on the documentation available at http://www.horizonwebref.com/developer]
API Developers should build their applications to appropriately handle missing scopes or scopes the user refuses to provide. For example, an API Application may request the scopes read_personal_account and manage_personal_account from the user via the oAuth2 resources. However, the user, during the authorization stage, may refuse to allow the manage_personal_account scope and only allow the read_personal_account scope. In this case, the API application should accommodate and adjust any future API calls for that user based on the scopes that the user actually provided.
As an additional example, the API application may request the manage_personal_account and the manage_organization scopes from the user. If the user has only General Member permissions and has no permissions on their account to manage their organization, they will be unable to provide the API application the manage_organization scope. Similar to above, the API application should appropriately handle this based on the scopes that are actually returned to the API application after the oAuth2 authorization stages.