Access rights determine what actions the API client can take with the data of the account that granted access. The required permissions are specified separated by commas in the "scope" parameter of the user access request in the Authorization Code Grant scheme. Depending on the type of user, the requested access rights are divided into three groups.
For the average user-advertiser:
- read_ads — reading statistics and campaigns;
- read_payments — read cash transactions and balance;
- create_ads — create and edit campaign settings, banners, audiences (rates, status, targeting, etc.).
For the user-agency and user-representative
:- create_clients — creating new clients;
- read_clients — view clients and transactions on their behalf;
- create_agency_payments — transfers of funds to and from client accounts.
For user-manager:
- read_manager_clients — read customers and transactions on their behalf;
- edit_manager_clients — changing client settings;
- read_payments — read cash transactions and balance.
In one request, the rights of different groups can be specified. myTarget determines the account type of the current user and opens only the appropriate rights. Moreover, if the request, for example, lists all the rights, and the user is an Agency, he will be asked to choose which account he wants to give access to-to the Agency with Agency rights, any of the management with management or one of the client with access rights to client data.