Understanding Scopes

Carta uses OAuth scopes to control access to our data


Carta's API uses Oauth scopes to control access to our data. Our scopes follow this pattern:

read_{resource}: Grants readonly access to the endpoint associated with a resource scope.

readwrite_{resource}: Grants read & modify access to the endpoint associated with a resource scope.



Your application's access to Carta data will match the user who granted you that access. For example, when you submit a call to our Issuer API, we verify the user's current role to confirm they still have appropriate access. Note that company administrators can freely change their users' roles, and if you attempt to access the API after the user no longer has appropriate access we will respond with a 403 Forbidden error with reason MISSING_INTERNAL_PERMISSION. See Permissions and Roles for more information about Carta's account roles.

Available scopes

read_draftissuersReads details about a draft issuer.
readwrite_draftissuersReads and writes details about a draft issuer.
read_investor_firmsReads information about investor firms.
read_investor_fundsReads information about investor funds.
read_investor_investmentsReads information about investor investments.
read_investor_capitalizationtablesReads the capitalization tables of investor investments.
read_issuer_capitalizationtablesummaryReads the summary capitalization table of an issuer.
read_issuer_infoReads issuer details such as name, description, and website.
read_issuer_securitiesReads details of issuer securities such as options, RSUs, RSAs, and certificates.
read_issuer_shareclassesReads share class information about an issuer.
read_issuer_stakeholdersReads details about stakeholders who have received equity from an issuer.
read_issuer_valuationsReads valuation information about an issuer.
read_portfolio_infoReads basic information about a portfolio such as profile information.
read_portfolio_securitiesReads basic information about securities in a portfolio (i.e. holdings).
read_portfolio_transactionsReads information about a portfolio's security transactions.
read_user_infoReads information about the current user such as id, name, and email address.

We also support three additional scopes related to user information: openid, profile, and email. See the OpenID Connect Basic Client Implementer's Guide for more information on these scopes:

openidAn OpenID Connect scope to access the User Info endpoint.
profileAn OpenID Connect scope which returns common fields in the id_token.
emailAn OpenID Connect scope which returns email related fields in the id_token.