# API authorization

All authenticated API endpoints also require authorization. This is done by verifying whether the provided credentials, such as an API key or OAuth token, have at least one of the required API scopes. You can assign scopes to the API key as needed.

## API scopes

A scope has become a standard term in the API environment. It originated in [OAuth2](https://auth0.com/intro-to-iam/what-is-oauth-2) specification, and the same idea is applied to all authentication types. It is an additional layer of control and security over the REST API that limits what the end-point users, API key, or OAuth clients are allowed to call.

Scopes provide access to a specific set of API endpoints, typically designed to serve specific use cases. Through OAuth2, they define the specific actions that applications are permitted to do on behalf of a user.

By granting a specific API scope to a user or an API key, you limit their access to a subset of API endpoints covered by the scope. In this way, you can prevent the user from accessing data or API functionalities outside of their role. You can limit the potential negative impact of leaked or stolen API keys or user credentials. You can grant several scopes to the same user or API key, covering multiple different API endpoints needed for a complex use case.

### API scope types [#api-scope-types-api-scopes]

Various scope types exist depending on the area or context. The main scopes include:

1. General:
    - **message:send**
        - Enables sending of [mobile terminated (MT)](https://www.infobip.com/glossary/mt-mobile-terminated) messages, regardless of the channel
        - Includes all `channel:message:send` endpoints (all channels)
    - **inbound-message:read**
        - Enables fetching of [mobile originated (MO)](https://www.infobip.com/glossary/mo-mobile-originated) messages, regardless of the channel
        - Includes all `channel:inbound-message:read` endpoints (all channels)
    - **web:sdk**
        - Provides access to People and People events API endpoints accessed from client-side SDK
    - **mobile-app-messaging:sdk**
        - Provides access to the Mobile App Messaging Mobile Push API endpoints accessed from the client-side SDK

2. *product/channel*:manage
    - Includes all endpoints related to a specific product or channel; e.g., if it is a Conversations product, it includes all endpoints related to Conversations; if it is an SMS channel, it includes all endpoints related to SMS

Additionally, there are other scope types that vary depending on the channel, product, and different use cases. You can review all available scopes on the [Create API key](https://portal.infobip.com/dev/api-keys/create) page.

### API scope configuration [#api-scope-configuration-api-scopes]

To configure API scope(s), you will need to allow the API key to access each API endpoint you want to use. To do that, first check the documentation of the API endpoint. It will list the required scopes. Granting any of them will enable the API key to access the endpoint.

You can grant new scopes to an existing API key by editing it or create a new one with scopes from the beginning.

You can manage API keys either through [dedicated API](https://www.infobip.com/docs/api/platform/account-management/create-api-key), or through the web interface.

If you want to configure the API scope(s) through the web interface, navigate to **Developer Tools** → **API Keys** → [Create API key](https://portal.infobip.com/dev/api-keys/create).

From there, enter the following information for the API key:

- Name
- Creation date
- Expiration date
- Allowed IP addresses (optional)

In the next section, **API scopes**, choose which scopes you want to include:

- General
- Channels
- Connectivity
- Platform
- Customer Engagement
- Web SDK

Upon selecting a specific scope option, a drop-down menu will appear containing all available scopes. From there, you are required to choose which scopes you want to include in the API key.

### Available API scopes [#available-api-scopes-api-scopes]

The table below outlines the scopes currently used by the API platform.

##### Channels
| SCOPE | DESCRIPTION |
| --- | --- |
| 2fa:manage | Enables access to all two-factor authentication API end-points |
| 2fa:pin:manage | Allows configuration and management of one-time PIN settings for two-factor authentication |
| 2fa:pin:send | Enables sending of one-time PINs as part of two-factor authentication |
| apple-mfb:logs:read | Allows reading of logs related to Apple Messages for Business |
| apple-mfb:manage | Enables access to all Apple Messages for Business API end-points |
| apple-mfb:message:send | Enables sending of Apple Messages for Business |
| calllink:configuration:manage | Enables management of configuration for call links |
| calllink:link:manage | Enables management of links related to call links |
| calllink:manage | Enables access to all Call link API end-points |
| callrouting:manage | Enables access to all Call routing API end-points |
| calls:bulk:manage | Enables management of bulk calls |
| calls:configuration:manage | Enables management of all calls API settings |
| calls:logs:read | Enables access to logs related to calls API |
| calls:manage | Enables access to all Calls API end-points |
| calls:media:manage | Enables management of media related to calls API |
| calls:read | Enables access to calls API logs |
| calls:recording:delete | Enables deletion of Calls recordings |
| calls:recording:read | Enables reading of Calls recordings |
| calls:traffic:receive | Enables management of incoming calls |
| calls:traffic:record | Enables recording of calls |
| calls:traffic:send | Enables sending of calls and actions in calls |
| clicktocall:manage | Enables access to all Click-to-call API end-points |
| email:logs:read | Allows reading of logs related to email messages |
| email:manage | Enables access to all Email API end-points |
| email:message:send | Enables sending email messages |
| google-bm:logs:read | Allows reading of logs related to Google Business Messages |
| google-bm:manage | Enables access to all Google Business Messages API end-points |
| google-bm:message:send | Enables sending of Google Business Messages |
| instagram:logs:read | Allows reading of logs related to Instagram messages |
| instagram:manage | Enables access to all Instagram messages API end-points |
| instagram:message:send | Enables sending of Instagram messages |
| ivr:configuration:manage | Enables management of the IVR configuration |
| ivr:manage | Enables access to all IVR settings and configurations API end-points |
| ivr:message:send | Enables sending of IVR messages |
| kakao:logs:read | Allows reading of logs related to Kakao messages |
| kakao:manage | Enables access to all Kakao messages API end-points |
| kakao:message:send | Enables sending of Kakao messages |
| line:manage | Enables access to all LINE messages API end-points |
| line:message:send | Enables sending of LINE messages |
| live-chat:manage | Allows management of Live Chat functionalities and settings |
| messenger:manage | Enables access to all Messenger API end-points |
| messenger:message:send | Enables sending of Messenger messages |
| mms:inbound-message:read | Allows access to read inbound MMS messages |
| mms:logs:read | Allows reading of logs related to MMS messages |
| mms:manage | Enables access to all MMS API end-points |
| mms:message:send | Enables sending of MMS messages |
| mobile-app-messaging:inbound-message:read | Allows reading of inbound Mobile app messages |
| mobile-app-messaging:manage | Enables sending and managing of Mobile app messages |
| mobile-app-messaging:send | Enables sending of Mobile app messages |
| numbermasking:manage | Enables access to all Number masking API end-points |
| omni-failover:logs:read | Allows reading of logs related to OMNI-channel failover events |
| omni-failover:manage | Enables access to all  OMNI-channel failover API end-points |
| omni-failover:message:send | Enables sending messages via OMNI-channel failover mechanisms |
| rcs:manage | Enables access to all RCS API end-points |
| rcs:message:send | Enables sending of RCS messages |
| sms:inbound-message:read | Grants access to read inbound SMS messages |
| sms:logs:read | Allows reading of logs related to SMS messages |
| sms:manage | Enables access to all SMS API end-points |
| sms:message:send | Enables sending of SMS messages |
| voice:logs:read | Enables reading of voice delivery reports |
| voice:recording:delete | Enables deleting of voice recordings |
| voice:recording:read | Enables reading of voice recordings |
| web-push:manage | Allows management of web push notifications |
| webrtc:configuration:manage | Enables management of WebRTC configuration |
| webrtc:identity:manage | Enables management of WebRTC identity configuration |
| webrtc:manage | Enables access to all WebRTC API end-points |
| webrtc:media:manage | Enables management of media related to WebRTC |
| whatsapp:inbound-message:read | Enables reading of inbound WhatsApp messages |
| whatsapp:manage | Enables access to all WhatsApp API end-points |
| whatsapp:message:send | Enables sending of WhatsApp messages |
| zalo:logs:read | Allows reading of logs related to Zalo messages |
| zalo:manage | Enables access to all Zalo API end-points |
| zalo:message:send | Enables sending Zalo messages |
| viber-bm:logs:read | Allows reading of logs related to Viber Business Messages |
| viber-bm:manage | Enables access to all Viber Business Messages API end-points |
| viber-bm:message:send | Enables sending of Viber Business Messages |
| viber-bot:logs:read | Allows reading of logs related to Viber Bot Messages |
| viber-bot:manage | Enables access to all Viber Bot Messages API end-points |
| viber-bot:message:send | Enables sending of Viber Bot Messages |
| voice-message:logs:read | Enables access to logs of sent voice messages |
| voice-message:manage | Enables management of all voice messages |
| voice-message:message:send | Enables sendings of voice messages |
| voice-reports:read | Enables access to voice reports |
| voice:recording:manage | Enables management of voice recordings |
| web-push:send | Enables sending of web push notifications |
| rcs:logs:read | Enables reading of logs of RCS messages |
| messenger:logs:read | Enables reading of logs of Messenger messages |
| whatsapp:logs:read | Allows reading of logs related to WhatsApp messages |
| rbm-maap:manage | Enables access to all RBM MaaP API end-points |
| rbm-maap:message:send | Allows sending of RBM MaaP-related messages |
| mobile-app-messaging:logs:read | Allows reading of logs related to Mobile app messages |
| whatsapp:conversions | Enables access to WhatsApp Conversions |
| zalo-follower:manage | Enables access to all Zalo Follower API end-points |
| zalo-follower:message:send | Enables sending Zalo Follower messages |
| zalo-follower:logs:read | Allows reading of logs related to Zalo Follower messages |
| email:templates:manage | Enables access to Email Templates api endpoints |
| tiktok:manage | Enables access to all TikTok BM end-points |
| tiktok:message:send | Enables sending TikTok BM messages |
| tiktok:logs:read | Allows reading of logs related to TikTok BM messages |
| markuplanguage:manage | Enables access to all Markup language API end-points |
| rcs:provision | Enables access to provisioning API of RCS |

##### Client-side SDK
| SCOPE | DESCRIPTION |
| --- | --- |
| 2fa:sdk | Provides access to two-factor authentication (2FA) API endpoints accessed from the client-side SDK |
| web:sdk | Provides access to People and People events API endpoints accessed from client-side SDK |
| web:tracking:sdk | Enables tracking of website visitors through the Infobip Web SDK |

##### Connectivity
| SCOPE | DESCRIPTION |
| --- | --- |
| biometrics:manage | Enables access to all Biometrics API end-points |
| mobile-identity:manage | Allows for the management and usage of Mobile Identity |
| number-lookup:logs:read | Allows reading of logs related to phone number lookup |
| number-lookup:manage | Enables access to all number lookup API end-points |
| number-lookup:send | Enables phone number lookup |
| number-activation-state:read | Allows to read data from Deact API |

##### Customer Engagement
| SCOPE | DESCRIPTION |
| --- | --- |
| conversations:manage | Enables access to all Conversations API end-points |
| people:manage | Enables access to all People API end-points |
| saas:integrations:manage | Enables access to SaaS Integrations API end-points |
| knowledge-base:manage | Allows management of Knowledge Base resources |
| answers:manage | Enables access to all Answers API end-points |
| flow:read | Allows fetching of existing flows, flow details, participants and analytics |
| flow:manage | Allows management of flows in Moments |
| flow:use | Allows adding participants to existing flows |
| forms:read | Allows seeing information about forms including submitted data and events |
| forms:manage | Allows access to all Forms API end-points |
| content-messages:read | Allows access to existing content messages, their details and analytics |
| content-messages:manage | Allows access to all Content messages API end-points |
| people:read | Provides read-only  access to data and profiles in People |
| forms:use | Allows submitting data or events to a form |
| onboarding:manage | Enables the use of embedded version of Answers in integrations |
| people:use | Provides access to ingesting events in People |
| saas:tiktok-ads:manage | Enables access to TikTok Ads (click-to) API end-points |
| campaign-tags:view | Provides view access to the list of campaign tags in general and as a list of assigned tags |
| campaign-tags:manage | Provides manage access to the list of campaign tags in general and as a list of assigned tags |
| answers:testing | Enables access to Chatbot testing APIs |
| ai:read | Used to read relevant information about AI tools |
| flow:control | Allows users to launch, stop and cancel flows |
| ai:agents:query | Send queries to AI agents and receive responses for interactive communication and question answering |
| ai:agents:manage | Full management access to AI agents and their configurations |
| conversations:read | Provides read-only access to conversations and their details |
| knowledge-base:read | Provides read-only access to Knowledge Base articles and data |
| ai:agents:view | View access to AI agents and their configurations |
| insights:read | Allows fetching of existing insights and recommendations |

##### General
| SCOPE | DESCRIPTION |
| --- | --- |
| inbound-message:read | Enables getting various types of incoming messages, encompassing all channels |
| message:send | Enables sending various types of messages, encompassing all messaging-related endpoints |
| partner-tools:access | Scope defined by team Team_Techical@infobip.com in their API code |

##### Platform
| SCOPE | DESCRIPTION |
| --- | --- |
| account-management:manage | Grants control over account settings and information |
| application-entity:manage | Grants access to manage application-specific entities and settings |
| blocklist:manage | Enables access to all Blocklist API end-points |
| catalogs:manage | Enables access to all Catalogs API end-points |
| messages-api:manage | Enables access to all Messages API end-points |
| messages-api:message:send | Enables sending various types of messages using Messages API |
| metrics:manage | Allows access and management of metrics and analytics data using Metrics API |
| numbers:manage | Enables access to all Numbers API end-points |
| numbers:recording:manage | Enables management of recording setting on numbers |
| sending-strategy:manage | Enables configuration of message sending strategies and rules |
| signals:manage | Enables access to all Signals API end-points |
| subscriptions:manage | Enables access to all Subscriptions API end-points |
| catalogs:read | Allows fetching of existing catalogs, and catalogs metadata |
| catalogs:use | Allows access to fetch items, add items, delete items and update items in catalog |
| resource-request-hub:manage | Allows creation of request for a resource, updating existing request and checking the status of existing request |
| resource-request-hub:read | Allows checking the status of existing request |
| error-codes:read | Enables access to platform error code details to troubleshoot message sending APIs |
| audit-logs:read | Allows reading and exporting of audit logs |
| number-risk-score:manage | Enables access to all Number Risk Score API end-points |

### User roles and API scopes [#user-roles-and-api-scopes-api-scopes]

Important
We suggest using the API key to access Infobip HTTP API. It provides detailed control over API scopes along with numerous other security features. Learn more about it [here](https://www.infobip.com/docs/api-authentication#api-key-header).

If you cannot use the API key and must rely on basic authentication, you need to ensure that the user whose password you are using to call API endpoints has been granted the necessary scope to access those endpoints. Unlike API keys, scopes are not directly assigned to users.

Instead, you can [assign roles to the user](https://www.infobip.com/docs/essentials/manage-my-account/manage-roles), and those roles will implicitly grant certain scopes.

Refer to the list below for scopes that are implicitly granted by specific roles:

| ROLE | SCOPES |
| --- | --- |
| Communication Manager | 2fa:pin:manage, calls:media:manage, viber-bm:manage, campaign-tags:manage, rcs:manage, callrouting:manage, omni-failover:logs:read, zalo:manage, number-lookup:logs:read, voice-message:logs:read, ivr:manage, mobile-app-messaging:manage, numbermasking:manage, forms:read, google-bm:manage, instagram:logs:read, email:logs:read, sms:manage, kakao:logs:read, messages-api:manage, signals:manage, forms:manage, viber-bot:manage, 2fa:manage, calls:manage, mms:manage, calls:recording:delete, webrtc:manage, knowledge-base:manage, forms:use, omni-failover:manage, rcs:logs:read, messenger:logs:read, inbound-message:read, viber-bot:logs:read, calls:traffic:record, flow:manage, campaign-tags:view, kakao:manage, google-bm:logs:read, calls:recording:read, web-push:manage, clicktocall:manage, number-activation-state:read, calllink:link:manage, calllink:configuration:manage, blocklist:manage, numbers:manage, apple-mfb:logs:read, voice:recording:delete, viber-bm:logs:read, whatsapp:manage, whatsapp:logs:read, voice:recording:read, message:send, voice-reports:read, flow:read, voice-message:manage, people:manage, conversations:manage, instagram:manage, live-chat:manage, mms:logs:read, metrics:manage, calls:configuration:manage, email:manage, zalo-follower:manage, calls:bulk:manage, rbm-maap:manage, voice:logs:read, number-lookup:manage, numbers:recording:manage, calls:logs:read, line:manage, content-messages:read, catalogs:manage, sending-strategy:manage, sms:logs:read, zalo:logs:read, answers:manage, calllink:manage, apple-mfb:manage, people:read, ivr:configuration:manage, voice:recording:manage, messenger:manage |
| People Manager | people:manage, conversations:manage, people:read, account-management:manage, forms:manage, mobile-app-messaging:manage, blocklist:manage |
| Analyze Manager | calls:media:manage, google-bm:logs:read, calls:recording:read, account-management:manage, omni-failover:logs:read, number-lookup:logs:read, whatsapp:inbound-message:read, voice-message:logs:read, mms:inbound-message:read, numbermasking:manage, instagram:logs:read, email:logs:read, apple-mfb:logs:read, kakao:logs:read, voice:recording:delete, viber-bm:logs:read, whatsapp:logs:read, voice:recording:read, voice-reports:read, flow:read, calls:recording:delete, forms:use, people:manage, conversations:manage, rcs:logs:read, mms:logs:read, messenger:logs:read, metrics:manage, calls:read, inbound-message:read, sms:inbound-message:read, voice:logs:read, numbers:recording:manage, viber-bot:logs:read, calls:logs:read, calls:traffic:record, answers:manage, sms:logs:read, zalo:logs:read, people:read, voice:recording:manage |
| Finance Data Manager | forms:use, numbers:manage, conversations:manage, account-management:manage |
| Account Manager | viber-bm:manage, campaign-tags:manage, rcs:manage, number-lookup:send, zalo:manage, number-lookup:logs:read, whatsapp:inbound-message:read, resource-request-hub:read, voice-message:logs:read, ivr:manage, mobile-app-messaging:manage, resource-request-hub:manage, sms:message:send, forms:read, instagram:logs:read, email:logs:read, sms:manage, kakao:logs:read, messages-api:manage, answers:testing, tiktok:manage, viber-bot:manage, flow:use, calls:manage, knowledge-base:manage, saas:tiktok-ads:manage, onboarding:manage, forms:use, rbm-maap:message:send, catalogs:use, omni-failover:message:send, messenger:logs:read, calls:traffic:receive, viber-bm:message:send, inbound-message:read, voice-message:message:send, viber-bot:logs:read, number-risk-score:manage, 2fa:pin:send, web:tracking:sdk, line:message:send, calls:traffic:record, google-bm:message:send, flow:manage, tiktok:message:send, subscriptions:manage, google-bm:logs:read, mobile-app-messaging:send, calls:recording:read, account-management:manage, web-push:manage, clicktocall:manage, blocklist:manage, ai:agents:query, apple-mfb:logs:read, whatsapp:manage, whatsapp:logs:read, email:templates:manage, people:manage, conversations:manage, 2fa:sdk, metrics:manage, calls:traffic:send, calls:configuration:manage, zalo-follower:manage, voice:logs:read, number-lookup:manage, numbers:recording:manage, kakao:message:send, saas:integrations:manage, email:message:send, zalo-follower:logs:read, line:manage, catalogs:manage, catalogs:read, audit-logs:read, mobile-app-messaging:inbound-message:read, sending-strategy:manage, apple-mfb:message:send, sms:logs:read, answers:manage, calllink:manage, apple-mfb:manage, whatsapp:message:send, ivr:configuration:manage, ai:agents:manage, voice:recording:manage, 2fa:pin:manage, calls:media:manage, callrouting:manage, knowledge-base:read, omni-failover:logs:read, webrtc:identity:manage, tiktok:logs:read, mobile-app-messaging:logs:read, mms:message:send, numbermasking:manage, google-bm:manage, viber-bot:message:send, signals:manage, people:use, forms:manage, mobile-identity:manage, 2fa:manage, mms:manage, ai:agents:view, calls:recording:delete, webrtc:manage, webrtc:media:manage, omni-failover:manage, rcs:logs:read, calls:read, markuplanguage:manage, sms:inbound-message:read, messages-api:message:send, partner-tools:access, ivr:message:send, whatsapp:conversions, web-push:send, messenger:message:send, campaign-tags:view, insights:read, rcs:provision, kakao:manage, conversations:read, number-activation-state:read, calllink:link:manage, calllink:configuration:manage, mms:inbound-message:read, numbers:manage, ai:read, application-entity:manage, voice:recording:delete, viber-bm:logs:read, voice:recording:read, zalo:message:send, message:send, webrtc:configuration:manage, voice-reports:read, flow:read, content-messages:manage, voice-message:manage, zalo-follower:message:send, instagram:manage, live-chat:manage, mms:logs:read, email:manage, calls:bulk:manage, rbm-maap:manage, instagram:message:send, calls:logs:read, content-messages:read, zalo:logs:read, flow:control, people:read, web:sdk, rcs:message:send, messenger:manage, error-codes:read, biometrics:manage |
| Integrations Manager | viber-bm:manage, campaign-tags:manage, rcs:manage, number-lookup:send, zalo:manage, number-lookup:logs:read, whatsapp:inbound-message:read, resource-request-hub:read, voice-message:logs:read, ivr:manage, mobile-app-messaging:manage, resource-request-hub:manage, sms:message:send, forms:read, instagram:logs:read, email:logs:read, sms:manage, kakao:logs:read, messages-api:manage, answers:testing, tiktok:manage, viber-bot:manage, flow:use, calls:manage, knowledge-base:manage, saas:tiktok-ads:manage, onboarding:manage, forms:use, rbm-maap:message:send, catalogs:use, omni-failover:message:send, messenger:logs:read, calls:traffic:receive, viber-bm:message:send, inbound-message:read, voice-message:message:send, viber-bot:logs:read, number-risk-score:manage, 2fa:pin:send, web:tracking:sdk, line:message:send, calls:traffic:record, google-bm:message:send, flow:manage, tiktok:message:send, subscriptions:manage, google-bm:logs:read, mobile-app-messaging:send, calls:recording:read, account-management:manage, web-push:manage, clicktocall:manage, blocklist:manage, ai:agents:query, apple-mfb:logs:read, whatsapp:manage, whatsapp:logs:read, email:templates:manage, people:manage, conversations:manage, 2fa:sdk, metrics:manage, calls:traffic:send, calls:configuration:manage, zalo-follower:manage, voice:logs:read, number-lookup:manage, numbers:recording:manage, kakao:message:send, saas:integrations:manage, email:message:send, zalo-follower:logs:read, line:manage, catalogs:manage, catalogs:read, audit-logs:read, mobile-app-messaging:inbound-message:read, sending-strategy:manage, apple-mfb:message:send, sms:logs:read, answers:manage, calllink:manage, apple-mfb:manage, whatsapp:message:send, ivr:configuration:manage, ai:agents:manage, voice:recording:manage, 2fa:pin:manage, calls:media:manage, callrouting:manage, knowledge-base:read, omni-failover:logs:read, webrtc:identity:manage, tiktok:logs:read, mobile-app-messaging:logs:read, mms:message:send, numbermasking:manage, google-bm:manage, viber-bot:message:send, signals:manage, people:use, forms:manage, mobile-identity:manage, 2fa:manage, mms:manage, ai:agents:view, calls:recording:delete, webrtc:manage, webrtc:media:manage, omni-failover:manage, rcs:logs:read, calls:read, markuplanguage:manage, sms:inbound-message:read, messages-api:message:send, partner-tools:access, ivr:message:send, whatsapp:conversions, web-push:send, messenger:message:send, campaign-tags:view, insights:read, rcs:provision, kakao:manage, conversations:read, number-activation-state:read, calllink:link:manage, calllink:configuration:manage, mms:inbound-message:read, numbers:manage, ai:read, application-entity:manage, voice:recording:delete, viber-bm:logs:read, voice:recording:read, zalo:message:send, message:send, webrtc:configuration:manage, voice-reports:read, flow:read, content-messages:manage, voice-message:manage, zalo-follower:message:send, instagram:manage, live-chat:manage, mms:logs:read, email:manage, calls:bulk:manage, rbm-maap:manage, instagram:message:send, calls:logs:read, content-messages:read, zalo:logs:read, flow:control, people:read, web:sdk, rcs:message:send, messenger:manage, error-codes:read, biometrics:manage |
| Conversations Agent | conversations:manage, content-messages:read, calls:manage, forms:manage |
| Conversations Manager | conversations:manage, content-messages:read, catalogs:manage, calls:manage, forms:manage, content-messages:manage |
| Conversations Analyze Manager | conversations:manage |
| Conversations Account Manager | conversations:manage, account-management:manage |
| Answers Manager | google-bm:logs:read, rcs:logs:read, live-chat:manage, mms:logs:read, messenger:logs:read, omni-failover:logs:read, number-lookup:logs:read, voice:logs:read, viber-bot:logs:read, voice-message:logs:read, instagram:logs:read, calls:logs:read, email:logs:read, catalogs:manage, apple-mfb:logs:read, kakao:logs:read, viber-bm:logs:read, whatsapp:logs:read, answers:manage, sms:logs:read, zalo:logs:read |
| Answers Designer | instagram:logs:read, calls:logs:read, email:logs:read, google-bm:logs:read, rcs:logs:read, catalogs:manage, apple-mfb:logs:read, kakao:logs:read, mms:logs:read, viber-bm:logs:read, whatsapp:logs:read, messenger:logs:read, zalo:logs:read, answers:manage, sms:logs:read, omni-failover:logs:read, number-lookup:logs:read, voice:logs:read, viber-bot:logs:read, voice-message:logs:read |
| Answers Supervisor | answers:manage |
| Knowledge Base Manager | conversations:manage, knowledge-base:manage |
| Knowledge Base User | conversations:manage, knowledge-base:manage |
| Campaign Content Creator | instagram:logs:read, calls:logs:read, email:logs:read, google-bm:logs:read, rcs:logs:read, apple-mfb:logs:read, kakao:logs:read, mms:logs:read, viber-bm:logs:read, whatsapp:logs:read, messenger:logs:read, zalo:logs:read, sms:logs:read, omni-failover:logs:read, number-lookup:logs:read, voice:logs:read, viber-bot:logs:read, voice-message:logs:read |
| Campaign Approval Manager | instagram:logs:read, calls:logs:read, email:logs:read, google-bm:logs:read, rcs:logs:read, apple-mfb:logs:read, kakao:logs:read, mms:logs:read, viber-bm:logs:read, whatsapp:logs:read, messenger:logs:read, zalo:logs:read, sms:logs:read, omni-failover:logs:read, number-lookup:logs:read, voice:logs:read, viber-bot:logs:read, voice-message:logs:read |
| Content Manager | campaign-tags:view, conversations:manage, content-messages:read, content-messages:manage |

## Errors

You will receive the `403 Forbidden` HTTP status code in the response in case provided user or API key is lacking the required scopes:

```json
{
    "requestError": {
        "serviceException": {
        "messageId": "FORBIDDEN",
        "text": "Forbidden"
        }
    }
}
```

### Library exceptions [#library-exceptions-errors]

When using one of the [libraries](https://github.com/infobip?q=infobip-api-*-client&type=&language=&sort=#org-profiles-repositories), make sure to handle API exceptions.

```java
try {
    SmsResponse smsResponse = sendSmsApi.sendSmsMessage(smsMessageRequest);
} catch (ApiException apiException) {
    apiException.getCode();
    apiException.getResponseHeaders();
    apiException.getResponseBody();
}
```

```csharp
try
{
    var result = api.SendSmsMessage(smsRequest);
}
catch(ApiException apiException)
{
    var errorCode = apiException.ErrorCode;
    var errorContent = apiException.ErrorContent;
}
```