Scopes
Declare the scopes your app needs when you register it. Merchants approve them at install, and the host enforces them on every API call your app makes.
| Scope | Grants |
|---|---|
read:bookings | View bookings, orders, and rental schedules. |
write:bookings | Create, update, and cancel bookings and orders. |
read:customers | View customer and renter profiles. |
write:customers | Create and update customer records. |
read:inventory | View inventory, assets, and availability. |
write:inventory | Update inventory, assets, and pricing. |
read:pos | View point-of-sale catalog and carts. |
write:pos | Create POS orders and carts. |
read:transactions | View payments and transaction history. |
write:transactions | Initiate payments and refunds. |
read:analytics | View aggregated metrics and dashboards. |
read:reports | View and export reports. |
webhooks:receive | Receive event notifications from RentalTide. |
Request the least you need. Apps that ask for narrow scopes get approved and installed faster.
How the host maps calls to scopes
Each API path resolves to a resource family, and the method decides read vs write:
| Path prefix | Resource | GET → | other → |
|---|---|---|---|
/bookings, /orders, /schedules | bookings | read:bookings | write:bookings |
/customers, /renters | customers | read:customers | write:customers |
/inventory, /assets, /availability | inventory | read:inventory | write:inventory |
/pos, /carts | pos | read:pos | write:pos |
/transactions, /payments, /refunds | transactions | read:transactions | write:transactions |
/analytics, /metrics | analytics | read:analytics | read:analytics |
/reports, /exports | reports | read:reports | read:reports |
Paths outside these families are not available to apps (default-deny).
Embed locations
An embed location is a surface inside RentalTide where your app's iframe mounts. Declare one or more when you register. Each provides a resource in context.
| Location | Resource in context | Typical scopes |
|---|---|---|
dashboard-widget | none | read:analytics, read:bookings |
order-details | the order | read:bookings |
booking-details | the booking | read:bookings |
customer-profile | the customer | read:customers |
inventory-detail | the inventory item | read:inventory |
asset-tracking | the asset | read:inventory, read:bookings |
checkout-flow | the in-progress cart | read:bookings, read:pos |
pos-cart | the active cart | read:pos, write:pos |
settings-panel | none | — |
Read the current resource from app.context.resource:
The canonical lists (SCOPE_CATALOG, EMBED_LOCATIONS) ship in @rentaltide/app-sdk, so your UI and the docs always agree.