---
title: Scopes | Lightfield
description: Scopes in the Lightfield API.
---

Scopes control what your [API key](/using-the-api/api-keys/index.md) can do. Each scope grants a permission (create, update, or read) for a specific object type.

## Available scopes

The Lightfield API supports the following scopes:

| Scope                  | Description          |
| ---------------------- | -------------------- |
| `accounts:create`      | Create accounts      |
| `accounts:update`      | Update accounts      |
| `accounts:read`        | Read accounts        |
| `contacts:create`      | Create contacts      |
| `contacts:update`      | Update contacts      |
| `contacts:read`        | Read contacts        |
| `opportunities:create` | Create opportunities |
| `opportunities:update` | Update opportunities |
| `opportunities:read`   | Read opportunities   |
| `lists:create`         | Create lists         |
| `lists:update`         | Update lists         |
| `lists:read`           | Read lists           |
| `members:read`         | Read members         |

When you create an [API key](/using-the-api/api-keys/index.md), you select which scopes to grant. Requests using that key can only perform operations allowed by its scopes.

See the [API Reference](/api/index.md) for which endpoints require which scopes. Each endpoint documents the scope(s) needed to call it.

## Best practices

**Use the narrowest scope when creating a key.** Grant only the scopes an integration requires. For example, if a key is only used to read accounts and contacts, grant `accounts:read` and `contacts:read` instead of create or update. Restricting scopes ensures that integrations cannot perform operations beyond their intended purpose (e.g. mutations when only read access is needed).
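
One way to check a key inventory against this practice, as an added example that is not part of the Lightfield documentation or SDK. The scope names come from the table above; the key names, the inventory structure and the `audit_key` and `audit_inventory` helpers are assumptions made for illustration.

```python
# Scope names copied from the "Available scopes" table on this page.
KNOWN_SCOPES = frozenset(
    f"{obj}:{perm}"
    for obj in ("accounts", "contacts", "opportunities", "lists")
    for perm in ("create", "update", "read")
) | {"members:read"}


def audit_key(granted, required):
    """Compare the scopes granted to a key with the scopes its integration needs.

    unknown      - names not in the scope table (typos, scopes that do not exist)
    missing      - required but not granted (operations the key cannot perform)
    excess       - granted but not required (least-privilege violations)
    excess_write - the part of excess that allows create or update
    """
    granted, required = set(granted), set(required)
    excess = (granted - required) & KNOWN_SCOPES
    return {
        "unknown": sorted((granted | required) - KNOWN_SCOPES),
        "missing": sorted((required - granted) & KNOWN_SCOPES),
        "excess": sorted(excess),
        "excess_write": sorted(s for s in excess if not s.endswith(":read")),
    }


# Constructed inventory (hypothetical key names): what each key was granted
# and what the integration behind it actually needs.
INVENTORY = {
    "reporting-dashboard": {
        "granted": ["accounts:read", "accounts:update", "contacts:read", "lists:create"],
        "required": ["accounts:read", "contacts:read"],
    },
    "lead-importer": {
        "granted": ["contacts:create", "contacts:read"],
        "required": ["contacts:create", "contacts:update", "members:write"],
    },
}


def audit_inventory(inventory):
    """Audit every key in the inventory; returns {key name: audit result}."""
    return {name: audit_key(k["granted"], k["required"]) for name, k in inventory.items()}


if __name__ == "__main__":
    for name, result in audit_inventory(INVENTORY).items():
        print(name, result)
```

Keys with a non-empty `excess_write` list are the ones to reissue first, since they can mutate data the integration only needs to read.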