Scopes for API Tokens
Last edited on 6 May 2026
Most scopes in this table are granular scopes that grant access to a specific resource type and action. These are the scopes available in the Custom Scopes picker on the token creation page.
api:read and api:write are alias scopes. They are global scopes that automatically expand to include new API endpoints as they are added. api:read is equivalent to all read scopes, and api:write is equivalent to all scopes.
Alias scopes are not available in the Custom Scopes picker. Instead, they map to the Read Only and Full Access options on the token creation page. When creating tokens through the API, you can include them directly in the scopes array.
| Scope | Description |
|---|---|
account:read |
View user account details |
actions:read |
View events of shared resources that have occurred in the current team |
addon:read |
View marketplace addon resources |
addon:create |
Create marketplace addon resources |
addon:update |
Modify marketplace addon resources |
addon:delete |
Delete marketplace addon resources |
api:write |
Perform write operations via the API |
api:read |
Perform read operations via the API |
app:read |
View App Platform apps |
app:update |
Modify App Platform apps |
app:delete |
Delete App Platform apps |
app:access_console |
Access console of App Platform apps |
app:create |
Create App Platform apps |
billing:read |
View and receive billing and invoice information |
block_storage:read |
View Block Storage volumes |
block_storage:delete |
Delete Block Storage volumes |
block_storage:create |
Create Block Storage volumes |
block_storage_action:read |
View Block Storage volume history |
block_storage_action:create |
Attach and detach Block Storage volumes |
block_storage_snapshot:read |
View Block Storage volume snapshots |
block_storage_snapshot:create |
Create Block Storage volume snapshots |
block_storage_snapshot:delete |
Delete Block Storage volume snapshots |
cdn:read |
View CDN endpoints |
cdn:create |
Create CDN endpoints |
cdn:update |
Modify CDN endpoints |
cdn:delete |
Delete CDN endpoints |
certificate:read |
View SSL certificates |
certificate:delete |
Delete SSL certificates |
certificate:create |
Upload SSL certificates |
database:read |
View Managed Databases |
database:update |
Update Managed Databases |
database:delete |
Delete Managed Databases |
database:view_credentials |
View Databases Credentials |
database:create |
Create Managed Databases |
domain:read |
View domains and domain records |
domain:create |
Create domains and domain records |
domain:update |
Modify domains and domain records |
domain:delete |
Delete domains and domain records |
droplet:read |
View Droplets |
droplet:create |
Create Droplets |
droplet:update |
Modify Droplets |
droplet:delete |
Delete Droplets |
droplet:admin |
Access Droplets |
firewall:read |
View Cloud firewalls |
firewall:create |
Create Cloud firewalls |
firewall:update |
Modify Cloud firewalls |
firewall:delete |
Delete Cloud firewalls |
function:create |
Create Serverless function namespaces and triggers |
function:update |
Modify Serverless function namespaces and triggers |
function:delete |
Delete Serverless function namespaces and triggers |
function:read |
View Serverless function namespaces and triggers |
function:admin |
Full administrative access to Serverless functions, namespaces, and triggers |
functions:admin |
Full administrative access to Serverless functions, namespaces, and triggers |
genai:read |
View generative AI tools |
genai:create |
Create generative AI tools |
genai:update |
Modify generative AI tools |
genai:delete |
Delete generative AI tools |
image:read |
View images |
image:create |
Create images |
image:update |
Modify images |
image:delete |
Delete images |
kubernetes:read |
View Kubernetes clusters but not cluster credentials |
kubernetes:create |
Create Kubernetes clusters |
kubernetes:update |
Modify Kubernetes clusters |
kubernetes:delete |
Delete Kubernetes clusters |
kubernetes:access_cluster |
View and download Kubernetes cluster credentials |
load_balancer:read |
View load balancers |
load_balancer:create |
Create load balancers |
load_balancer:update |
Modify load balancers |
load_balancer:delete |
Delete load balancers |
monitoring:read |
View Monitoring metrics and alert policies |
monitoring:create |
Create Monitoring alert policies |
monitoring:update |
Modify Monitoring alert policies |
monitoring:delete |
Delete Monitoring alert policies |
partner_network_connect:view_credentials |
View Partner Network Connect Credentials |
partner_network_connect:read |
View Partner Network Connect |
partner_network_connect:create |
Create Partner Network Connect |
partner_network_connect:update |
Modify Partner Network Connect |
partner_network_connect:delete |
Delete Partner Network Connect |
project:read |
View projects |
project:create |
Create projects |
project:update |
Modify projects |
project:delete |
Delete projects |
regions:read |
View data center regions |
registry:read |
View container registries |
registry:create |
Create container registries |
registry:update |
Modify container registries |
registry:delete |
Delete container registries |
reserved_ip:read |
View Reserved IP addresses |
reserved_ip:update |
Modify Reserved IP addresses |
reserved_ip:delete |
Delete Reserved IP addresses |
reserved_ip:create |
Create Reserved IP addresses |
sizes:read |
View Droplet plan sizes |
snapshot:read |
View snapshots |
snapshot:delete |
Delete snapshots |
spaces:read |
View Spaces object storage buckets |
spaces:update |
Manage Spaces object storage buckets |
spaces_key:read |
View Spaces access keys |
spaces_key:create_credentials |
Create Spaces access key and view its secret credentials |
spaces_key:create |
Create Spaces access keys |
spaces_keys:create |
Create Spaces access keys |
spaces_key:delete |
Delete Spaces access keys |
spaces_key:update |
Modify Spaces access keys |
ssh_key:read |
View SSH keys |
ssh_key:create |
Upload SSH keys |
ssh_key:update |
Modify SSH keys |
ssh_key:delete |
Delete SSH keys |
tag:create |
Create resource tags |
tag:read |
View resource tags |
tag:delete |
Delete resource tags |
uptime:read |
View Uptime checks |
uptime:create |
Create Uptime checks |
uptime:update |
Modify Uptime checks |
uptime:delete |
Delete Uptime checks |
vendor_portal:read |
View marketplace vendor portal apps |
vendor_portal:create |
Create apps in the marketplace vendor portal |
vendor_portal:update |
Modify marketplace vendor portal apps |
vendor_portal:delete |
Delete marketplace vendor portal apps |
vpc:read |
View VPCs |
vpc:create |
Create VPCs |
vpc:update |
Modify VPCs |
vpc:delete |
Delete VPCs |
vpc_peering:read |
View VPC Peering |
vpc_peering:create |
Create VPC Peering |
vpc_peering:update |
Modify VPC Peering |
vpc_peering:delete |
Delete VPC Peering |