OAuth apps now support scopes
OAuth apps can now declare scopes — the specific permissions your app requests from a Brevo user. Scopes are shown to the user on the consent screen and embedded in the issued access token, so your integration only gets the access it actually needs.
What’s new
- Request granular permissions per app (e.g.
contacts:read,contacts:write,crm:read,crm:write). - New apps default to
contacts:read,contacts:write,crm:read,crm:write. - Manage scopes from the CLI:
brevo app available-scopeslists every scope the Brevo identity provider supports.brevo app update --scope <scope>adds scopes to an existing app (repeatable).
Learn more
- Scopes — full catalog and how to request them
- CLI reference —
available-scopesandapp updatecommands