ReachFive scope

In modern software architecture, different applications want to make use of existing resources when possible when it comes to user profiles and their associated data. However, we can’t just take the information without consent. This is where scopes come into play. In this case, we ask for authorization from the user to access agreed upon information. Upon agreement, the access token only contains those agreed-upon scopes and authorized data. The quote below comes directly from the RFC 6749 Protocol.

RFC 6749

Scope is a mechanism in OAuth 2.0 to limit an application’s access to a user’s account. An application can request one or more scopes, this information is then presented to the user in the consent screen, and the access token issued to the application will be limited to the scopes granted.

The table below lists the ReachFive scopes.

List of scopes

You can define scopes in your ReachFive Console on both the First-party and Third-party Clients.

See Clients for more details on First-party and Third-party Clients.
ReachFive scopes
Scope Description


Accesses geographical information (postal address, region, geolocation, etc.).


Accesses email information (email addresses and their verification statuses).


Allows access to user events.

See User events for a list of user events.


Allows the privilege to update anything on the user’s profile.


See here for more details on Multi-factor Authentication.


Allows right to request refresh tokens.


Used to ask for an ID token. If no ID token exists, this is not returned.


Access to phone information (phone numbers and their verification statuses).


Accesses user’s personal information (gender, age, profile picture, etc.).

See User profiles for a list of user profile information.

Custom scope

You can create a custom scope via the ReachFive Console. Go to Settings  Custom scopes. You can assign a custom scope to a custom field via the ReachFive Console. Go to Settings  Custom fields. See Custom fields for more details.

Custom scopes are only available to First-party and Third-party clients.

If you’re using the Management API, you’re still able to retrieve custom fields regardless of the custom scope as it part of the standard response when retrieving user information.


For additional reading, see: