Stack Exchange · OAuth Scopes

Stack Exchange OAuth Scopes

OAuth 2.0 derived

Stack Exchange publishes 4 OAuth 2.0 scopes via the authorizationCode flow. Scopes are the fine-grained permissions an application requests at authorization time to act against the Stack Exchange API on a user’s behalf.

Tokens are issued from https://stackoverflow.com/oauth/access_token.

This index is generated from the provider’s OpenAPI security definitions (and, where available, its documented scope reference) and refreshes on every APIs.io network build. Browse every provider’s scopes at scopes.apis.io.

Q And ADeveloper CommunityKnowledge GraphStack OverflowStack ExchangeReputationTagsCommunityMCPAI Grounding
Scopes: 4 Flows: authorizationCode Method: derived

OAuth endpoints

Authorization URL
https://stackoverflow.com/oauth
Token URL
https://stackoverflow.com/oauth/access_token
Flows
authorizationCode

Scopes (4)

ScopeDescriptionFlows
no_expiry Issue a token that never expires. authorizationCode
private_info Access endpoints that return personal information. authorizationCode
read_inbox Access the authenticated user's inbox. authorizationCode
write_access Vote, post, comment, flag, accept on the user's behalf. authorizationCode

Source

OAuth Scopes

stackexchange-scopes.yml Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/stackexchange-api-v2-3.yaml
schemes:
- name: oauth2
  source: openapi/stackexchange-api-v2-3.yaml
  flows:
  - flow: authorizationCode
    authorizationUrl: https://stackoverflow.com/oauth
    tokenUrl: https://stackoverflow.com/oauth/access_token
  description: |-
    OAuth 2.0 explicit or implicit flow. Apps register on stackapps.com.
    Read methods do not require auth; write methods require `write_access`.
    `private_info` is needed for /me/notifications, /me/inbox, and similar
    private surfaces. `no_expiry` issues tokens that never expire.
scopes:
- scope: no_expiry
  description: Issue a token that never expires.
  flows:
  - authorizationCode
  sources:
  - openapi/stackexchange-api-v2-3.yaml
- scope: private_info
  description: Access endpoints that return personal information.
  flows:
  - authorizationCode
  sources:
  - openapi/stackexchange-api-v2-3.yaml
- scope: read_inbox
  description: Access the authenticated user's inbox.
  flows:
  - authorizationCode
  sources:
  - openapi/stackexchange-api-v2-3.yaml
- scope: write_access
  description: Vote, post, comment, flag, accept on the user's behalf.
  flows:
  - authorizationCode
  sources:
  - openapi/stackexchange-api-v2-3.yaml