Skip to main content
The Grantex scope registry provides standard scope definitions organized by domain. Use these as a starting point when registering agents, or define your own custom scopes following the conventions below.

Standard Scopes

All scopes follow the resource:action[:constraint] format defined in Scopes.

Calendar

Email

Payments

Files

Contacts

Profile

Notifications

Database

API

Admin

Constraint Patterns

Constraints are the optional third segment of a scope string. They narrow the permission granted: Constraints are validated by the consuming service, not by Grantex itself. Grantex stores and delivers them in the scp claim — your application enforces the constraint logic.

Custom Scope Guidelines

When your application needs scopes beyond the standard registry:

Naming Convention

Follow the resource:action[:constraint] format:

Recommendations

  1. Use lowercase — scope strings should be entirely lowercase with colons as separators
  2. Keep resources singular or use a clear nounorder:read, not reading-orders
  3. Use standard actions — prefer read, write, create, delete, send, approve, manage, admin
  4. Add constraints only when needed — constraints should narrow a broad permission, not replace fine-grained scopes
  5. Document scopes — include descriptions when registering agents so users see clear consent prompts

Registering Custom Scopes

Declare your custom scopes when registering an agent:

Scope Compatibility

Grantex supports wildcard matching for scope checking. A broader scope satisfies a narrower requirement: Wildcard scopes (resource:*) are useful for trusted internal agents that need full access to a resource domain.
Last modified on March 1, 2026