> ## Documentation Index
> Fetch the complete documentation index at: https://docs.zapier.com/llms.txt
> Use this file to discover all available pages before exploring further.

# OAuth Scopes

> OAuth scopes available for the Zapier API

OAuth scopes define which Zapier resources your application can access. Request only the scopes required for the endpoints or flows your application uses. Endpoint-specific scope requirements are listed on each API reference page.

When requesting more than one scope in an OAuth flow or token exchange, pass scopes as a space-separated string.

```text theme={null}
zap zap:write authentication
```

## Zapier API scopes

| Scope                  | Description                                                                                            |
| ---------------------- | ------------------------------------------------------------------------------------------------------ |
| `profile`              | Read profile information for the authenticated user.                                                   |
| `zap`                  | Read Zap workflows that use your integration.                                                          |
| `zap:write`            | Create or modify Zap workflows.                                                                        |
| `zap:delete`           | Delete Zap workflows.                                                                                  |
| `zap:all`              | Read all Zap workflows owned by the authenticated user.                                                |
| `zap:account:all`      | Read all Zap workflows the authenticated user can access in their account, including shared workflows. |
| `zap:runs`             | Read Zap run history.                                                                                  |
| `action:run`           | Run an action.                                                                                         |
| `authentication`       | Read app authentications.                                                                              |
| `authentication:write` | Create or update app authentications.                                                                  |
| `connection:read`      | Read connections.                                                                                      |
| `connection:write`     | Create or update connections, or request a connect token for Connect UI and MCP authorization flows.   |

## Additional scopes

| Scope      | Description                                                                               |
| ---------- | ----------------------------------------------------------------------------------------- |
| `external` | Access endpoints that use partner-signed external JWT token exchange.                     |
| `mcp:run`  | Run tools through a Zapier-hosted MCP server after completing the MCP authorization flow. |

## Choosing Zap read scopes

Use the narrowest Zap read scope that supports your use case:

* Use `zap` when you only need Zap workflows that use your integration.
* Use `zap:all` when you need all Zap workflows owned by the authenticated user.
* Use `zap:account:all` when you need Zap workflows the authenticated user can access across their account, including shared workflows.
