OAuth 2.0 allows you to pick specific fine-grained scopes which give you specific permissions on behalf of a user. Scopes allow you to set granular access for your App so that your App only has the permissions that it needs. As an app developer, you specify your desired scopes in the initial OAuth authorization request. When a user is responding to your OAuth request, the requested scopes will be displayed to them when they are asked to approve your request.

An application can request one or more scopes, and the access token issued to the application will be limited to the scopes granted.

There are currently three types of scopes ItsaCheckmate provides to its clients.

1. Locations
   The locations scope allows you to access our Get Location API. If you've issued an access token without this scope, you'll get HTTP 403 Forbidden response on calling the Get Location API.
2. Menus
   The menus scope allows you to access our Get Menu API. If you've issued an access token without this scope, you'll get HTTP 403 Forbidden response on calling the Get Menu API.
3. Orders
   The orders scope allows you to access our Submit order API. If you've issued an access token without this scope, you'll get HTTP 403 Forbidden response on calling the Submit Order API.

When you're making an authorization request, you can request these scopes in the scope parameter as space seperated values. The generated access token will be limited to the requested scopes only.