Scopes and permissions
When you connect 3rd party apps, data is shared between those apps and Next Matter. Learn what is being shared to maintain full data security.
Best practice: Connect integrations with a service account, for example, services@mycompany.org, and define what data and permissions you share with this account.
Normally, the service account has read and write access to data so it’s important to decide what the account should have access to.
Integrations with API access
Normally the API key you create shares the same permissions as yourself. That means that whatever you can do as the creator of the key, the key will be able to do at your behest. Some tools let you define the scopes you give to the key, so look up 3rd party docs to find out if the app you want to connect to has this option.
Scopes requested by Next Matter
Individual scopes can be revoked by admins after connection has been established.
Microsoft
| Graph API access to apps | Scopes |
|---|---|
| Default (always requested) | offline_access, openid, profile, email, user.ReadBasic.All |
| OneDrive | files.ReadWrite.All |
| Excel (no-code) | files.ReadWrite.All (the Excel no-code step also requires OneDrive permissions) |
| Sharepoint | sites.ReadWrite.All |
| Teams | channelMessage.Send, chatMessage.Send, chat.ReadWrite |
| Outlook | mail.Send, calendars.ReadWrite |
| Outlook (no-code) | mail.Send |
| Dynamics365 Business Central | financials.ReadWrite.All |
| Google app | Scopes |
|---|---|
| Google Docs | documents, drive |
| Gmail (no-code) | gmail.send gmail.labels gmail.modify gmail.readonly |
| Google Drive | drive, drive.appdata, drive.metadata |
| Google Sheets | spreadsheets |
| Google Sheets (low-code) | drive, spreadsheets |
| Google Slides | presentations |
Zendesk
| App | Scopes |
|---|---|
| Zendesk (no-code) | read, write |
| Next Matter sidebar in Zendesk | token-based so no scopes apply |
Freshdesk
| App | Scopes |
|---|---|
| Freshdesk (no-code) | token-based so no scopes apply (any API activities are allowed based on the permissions of the key holder) |
| Next Matter sidebar in Freshdesk | token-based so no scopes apply |
Front
The Front no-code step uses API tokens so you don’t need to define scopes. The same applies to running Next Matter as the sidebar in Front.
OpenAI
The OpenAI no-code step uses API tokens so you don’t need to define scopes.
SendGrid
The scopes are defined by SendGrid’s eSignature REST API authentication (parameters: signature, openid, cors).