Scopes
OAuth permission scopes for controlling agent access.
Axiom uses OAuth2 scopes to control what operations an AI agent can perform. When authorizing an agent, you select which scopes to grant.
Available Scopes
| Scope | Description |
|---|---|
| account:read | View profile information, balance, and account summary |
| rules:read | View spending rules and limits |
| payments:read | Access card and billing details to complete purchases |
| transactions:read | View transaction history and details |
| transactions:write | Attach receipts and update transaction details |
Scope Details
account:read
Grants access to:
- User profile information (whoami)
- Account summary with creation and update timestamps (get_account_summary)
- Current balance and available funds (get_balance)
rules:read
Grants access to:
- View the user's configured spending rules and limits
payments:read
Grants access to:
- Retrieve card and billing details to complete a purchase (get_payment_details)
This is the core scope for enabling agent purchases. When an agent calls get_payment_details, Axiom evaluates the user's spending rules, issues a single-use virtual card, and returns the card details.
transactions:read
Grants access to:
- List recent transactions with optional filtering (list_transactions)
transactions:write
Grants access to:
- Attach itemized receipts and audit trails to completed transactions (create_receipt)
Principle of Least Privilege
Grant agents only the scopes they need. For example, an agent that only needs to check balances should only receive account:read — it doesn't need payments:read or transactions:write.
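
One way to check a grant against this principle before authorizing an agent, shown as an added example that is not part of Axiom's own code or API. The scope and tool names come from the tables above; the function name `audit_grant`, its parameters, and the sample inputs are hypothetical, and the grant is assumed to be a standard space-delimited OAuth2 scope string.

```python
# Added example: scope and tool names are taken from this page; everything
# else (function name, parameters, sample inputs) is constructed.

# Tool -> scope that the page lists as granting access to it.
TOOL_SCOPE = {
    "whoami": "account:read",
    "get_account_summary": "account:read",
    "get_balance": "account:read",
    "get_payment_details": "payments:read",
    "list_transactions": "transactions:read",
    "create_receipt": "transactions:write",
}
# rules:read is documented without a named tool, so it can only be
# requested explicitly through needed_scopes.
KNOWN_SCOPES = set(TOOL_SCOPE.values()) | {"rules:read"}


def audit_grant(needed_tools, granted_scope_string, needed_scopes=()):
    """Compare a granted scope string with what the agent actually needs."""
    granted = set(granted_scope_string.split())
    unknown_tools = sorted(t for t in needed_tools if t not in TOOL_SCOPE)
    required = {TOOL_SCOPE[t] for t in needed_tools if t in TOOL_SCOPE}
    required |= set(needed_scopes) & KNOWN_SCOPES
    return {
        "required": sorted(required),
        # Scopes the agent needs but was not given: its calls would fail.
        "missing": sorted(required - granted),
        # Documented scopes granted without a matching need: over-privilege.
        "excess": sorted((granted & KNOWN_SCOPES) - required),
        # Anything not documented on this page is surfaced for review.
        "unknown_scopes": sorted(granted - KNOWN_SCOPES),
        "unknown_tools": unknown_tools,
        "least_privilege": granted == required and not unknown_tools,
    }


if __name__ == "__main__":
    # Constructed case: a balance-checking agent also given payments:read.
    print(audit_grant(["get_balance"], "account:read payments:read"))
```

An `excess` entry of payments:read deserves the closest review, since that scope is the one that lets an agent obtain card details.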