
Scopes

A scope is a permission. Apps request scopes; users grant them. Every API call must carry an access token that includes the required scope, or the service returns 403 insufficient_scope.

Naming convention

Scopes are named <verb>:<resource>. The verbs are read, write, manage (read + write) and admin (system-only, never granted to third parties).
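An added example, not code from the @platform/scopes SDK, of a scope check that follows this convention: parseScope, covers and authorize are hypothetical names, and it assumes manage:X covers read:X and write:X while admin:* stands only for itself.

```typescript
// Added example (not the @platform/scopes SDK): a scope check that follows the
// <verb>:<resource> convention. Function names are hypothetical.
type Verb = "read" | "write" | "manage" | "admin";
const VERBS: ReadonlySet<string> = new Set(["read", "write", "manage", "admin"]);

// Split "verb:resource"; anything else is malformed.
function parseScope(scope: string): { verb: Verb; resource: string } {
  const idx = scope.indexOf(":");
  if (idx <= 0 || idx === scope.length - 1) throw new Error(`malformed scope: ${scope}`);
  const verb = scope.slice(0, idx);
  if (!VERBS.has(verb)) throw new Error(`unknown verb in scope: ${scope}`);
  return { verb: verb as Verb, resource: scope.slice(idx + 1) };
}

// Does a granted scope cover a required one? Same resource and either the same
// verb, or manage covering read or write (assumption: manage = read + write, as
// the convention states). admin:* covers only itself and is never implied.
function covers(granted: string, required: string): boolean {
  // OIDC scopes (openid, profile, email) have no verb and match only exactly.
  if (!granted.includes(":") || !required.includes(":")) return granted === required;
  const g = parseScope(granted);
  const r = parseScope(required);
  if (g.resource !== r.resource) return false;
  if (g.verb === r.verb) return true;
  return g.verb === "manage" && (r.verb === "read" || r.verb === "write");
}

type Decision = { status: 200 } | { status: 403; error: "insufficient_scope"; missing: string[] };

// Every required scope must be covered by the token's space-separated scope
// claim; otherwise the API answers 403 insufficient_scope and names the gap.
function authorize(tokenScope: string, required: string[]): Decision {
  const granted = tokenScope.split(" ").filter(Boolean);
  const missing = required.filter((req) => !granted.some((g) => covers(g, req)));
  return missing.length === 0
    ? { status: 200 }
    : { status: 403, error: "insufficient_scope", missing };
}
```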

OpenID Connect

Scope | What it grants | Consent screen shows
openid | OIDC discovery + an id_token | “Sign in with Loop”
profile | name, brand affiliation, locale | “View your name and basic profile”
email | verified email address | “View your email address”

Identity

Scope | What it grants | Consent screen shows
read:account | account metadata, created_at, status | “View your Loop account info”
manage:connected_apps | list and revoke OAuth grants | “Manage which apps are connected to your Loop account”

Clinical

Scope | What it grants | Consent screen shows
read:biomarkers | lab results: testosterone, lipid panel, inflammation, etc. | “View your lab results”
write:biomarkers | ingest a lab PDF or structured result | “Upload lab results on your behalf”
read:protocols | active and historical protocols and their actions | “View your current and past protocols”
write:protocols | start or stop a protocol | “Start or stop protocols for you”
read:check_ins | weekly subjective check-in data | “View your weekly check-ins”
write:check_ins | record a check-in | “Record check-ins on your behalf”
read:recommendations | personalized protocol recommendations | “View protocol recommendations for you”
read:red_flags | safety-flag history (clinician-grade) | “View health safety flags on your account”

Patient graph

Scope | What it grants | Consent screen shows
read:profile | enriched customer profile + order history | “View your full Loop profile and order history”
read:wearables | wearable data: Oura, WHOOP, Libre, Dexcom syncs | “View your wearable device data”
write:wearables | trigger a wearable resync | “Sync your wearables on your behalf”

Payments + Commerce

Scope | What it grants | Consent screen shows
read:payments | payment history, refunds, disputes | “View your payment history”
read:subscriptions | active subscriptions and renewal dates | “View your subscriptions”
manage:subscriptions | pause, resume, skip, swap, cancel | “Manage your subscriptions on your behalf”
read:invoices | invoice list and PDFs | “View your invoices”

Memberships + Cash + Entitlements

Scope | What it grants | Consent screen shows
read:membership | tier, status, history | “View your Loop membership tier”
read:cash_balance | Loop Cash balance and ledger | “View your Loop Cash balance”
read:entitlements | feature access list | “View what features you have access to”

Affiliates (affiliate-only apps)

Scope | What it grants | Consent screen shows
read:affiliate_self | this affiliate’s own commissions, tier, payouts | “View your affiliate commissions and payouts”
read:affiliate_customers | customers attributed to this affiliate | “View customers attributed to you”
manage:affiliate_winback | trigger win-back outreach to lapsed referrals | “Send win-back messages to your lapsed referrals”

Communications

Scope | What it grants | Consent screen shows
read:inbox | in-app messages | “View your Loop inbox”
manage:inbox | mark read / archive | “Manage your Loop inbox messages”
read:preferences | comm channel preferences | “View your notification preferences”
manage:preferences | update comm preferences | “Manage your notification preferences”
write:messages | send a message on behalf of the user (rare; mostly internal) | “Send messages from your Loop account”

Community + Follows

Scope | What it grants | Consent screen shows
read:community | feed, posts the user can see, comments | “View your community feed”
write:community | post, comment, like | “Post and comment in community on your behalf”
read:follows | follows + blocks | “View who you follow”
write:follows | follow / unfollow / block / unblock | “Follow and unfollow people on your behalf”

Content

Scope | What it grants | Consent screen shows
read:content | public peptide, stack, goal, research catalog | “View Loop’s content library”
read:research_papers | curated research bibliography | “View Loop’s research library”

Analytics (for the user’s own data)

Scope | What it grants | Consent screen shows
read:my_outcomes | the user’s own protocol outcomes + biomarker trends | “View your protocol outcomes and trends”

Admin scopes — never granted to third parties

These are returned in the client_credentials (M2M) flow only, when the calling service is a trusted internal client. Listed for completeness:

  • admin:identity, admin:clinical, admin:payments, admin:affiliates, admin:comms, admin:platform, admin:jobs, …

Third-party clients that request an admin:* scope have their authorization request rejected.

Some bundles get a single human-friendly line on the consent screen:

Bundle | Underlying scopes | Consent line
loop.health.basic | openid profile email read:account | “Identify you and view your basic profile”
loop.health.full_clinical | read:biomarkers read:protocols read:recommendations read:red_flags read:check_ins | “View all your clinical data”
loop.health.subscription_self_service | read:subscriptions manage:subscriptions read:invoices | “Manage your subscription”

Bundles compose; you can request both individual scopes and bundles in the same scope parameter.

Scope evolution policy

  • New scopes are additive. They don’t invalidate existing tokens.
  • Renaming a scope ships the new name and keeps the old one as an alias for two release cycles, then removes it.
  • Removing a scope ships a deprecation notice, an alarm if any active token still carries it, and a 90-day removal window.
  • The full historical list is maintained in docs/decisions/scope-changelog.md.

Using typed constants

Instead of string literals in your SDK calls, use the typed scope constants:

import { SCOPES, satisfiesScope } from "@platform/scopes";

// In your app's middleware: declare the scopes a route requires
requireScope(SCOPES.READ_BIOMARKERS, SCOPES.ADMIN_CLINICAL);

// Checking scope satisfaction against the scopes carried by a verified token
if (satisfiesScope(tokenScopes, SCOPES.READ_BIOMARKERS)) {
  // user has access
}

The SCOPES object has autocomplete-friendly keys like READ_BIOMARKERS, ADMIN_CLINICAL, MANAGE_SUBSCRIPTIONS, etc.