RocketLauncher AI

Glossary

What Is a OAuth Scope in GoHighLevel?

By Marnix Geerkens. Published 2026-05-28. Updated 2026-05-28.

An OAuth Scope in GoHighLevel is a specific permission that a Marketplace App or integration requests from a user's account, defining exactly which parts of the GoHighLevel API it can access.

In plain English

When you install a Marketplace App, GoHighLevel shows you a list of what the app wants permission to do: read contacts, write to the calendar, manage conversations, and so on. Each item on that list is a scope. You grant only what the app needs, and it can do nothing else.

Scopes follow the principle of least privilege. A calendar scheduling app should need access to your calendar and contacts, but not to your billing settings or sub-account configuration. If an app requests more permissions than its function requires, that is a red flag.

GoHighLevel defines a standard set of scopes for its API: contacts.read, contacts.write, opportunities.read, conversations.write, and many more. Developers declare which scopes their app requires when they submit it to the Marketplace.

How it works

When a user installs a Marketplace App, GoHighLevel shows a consent screen listing the requested scopes. The user reviews and clicks Authorize. GoHighLevel issues an OAuth access token to the app that is restricted to those scopes only. The app includes the token in API calls, and GoHighLevel enforces the scope restrictions on every request.

Developers request scopes in their app configuration in the GoHighLevel developer dashboard. The narrower the scopes, the easier it is for users to trust the app. GoHighLevel may reject apps that request unusually broad scopes without clear justification.

Frequently asked questions

What is an OAuth Scope in GoHighLevel?

An OAuth scope is a permission that defines what a Marketplace App can access. When you install an app, you see the list of scopes it requests and you choose to grant or deny access.

Can I revoke a scope after granting it?

Yes. You can revoke an app's access entirely from your integration settings. This invalidates its token and the app can no longer make API calls to your account.

Who decides what scopes an app can request?

The app developer requests scopes when they submit their app. GoHighLevel reviews the requested scopes and can require the developer to reduce them if they are excessive for the app's stated purpose.

Related terms

Marketplace AppThe app that requests OAuth scopes from users.Private Integration TokenAn API key for your own integrations, not scope-based.Ed25519 SignatureCryptographic verification for webhook authenticity.Idempotency KeyPrevent duplicate API operations.