Scopes and permissions for API access

Not every integration needs full access

In the Leafy Energy demo we use scopes to limit access for API keys and clients. This prevents a simple reporting integration from changing charging profiles.

Scope examples

• read:pricing – read hourly pricing only.
• read:usage – read consumption data per site.
• write:automation – create and modify automation rules.
• admin:customers – administrative actions at customer level.

Best practices

• Grant integrators only the scopes they truly need.
• Use separate keys per system (for example one for BI, one for home automation).

Demo architecture diagrams can show which scope belongs to which system to explain the principle of least privilege.