Strava · OAuth Scopes

Strava OAuth Scopes

OAuth 2.0 derived

Strava publishes 7 OAuth 2.0 scopes via the authorizationCode flow. Scopes are the fine-grained permissions an application requests at authorization time to act against the Strava API on a user’s behalf.

Tokens are issued from https://www.strava.com/oauth/token.

This index is generated from the provider’s OpenAPI security definitions (and, where available, its documented scope reference) and refreshes on every APIs.io network build. Browse every provider’s scopes at scopes.apis.io.

CyclingFitnessFitness TrackingRunningSports
Scopes: 7 Flows: authorizationCode Method: derived

OAuth endpoints

Authorization URL
https://www.strava.com/oauth/authorize
Token URL
https://www.strava.com/oauth/token
Flows
authorizationCode

Scopes (7)

ScopeDescriptionFlows
activity:read Read the user's activity data for activities that are visible to Everyone and Followers authorizationCode
activity:read_all Same access as activity:read with the addition of activities with visibility set to Only You authorizationCode
activity:write Access to create manual activities and uploads, and access to edit any activities that are visible to the app authorizationCode
profile:read_all Read all profile information even if the user has set their profile visibility to Followers or Only You authorizationCode
profile:write Update the user's weight and Functional Threshold Power (FTP), and access to star or unstar segments on their behalf authorizationCode
read Read public segments, public routes, public profile data, public posts, public events, club feeds, and leaderboards authorizationCode
read_all Read private routes, private segments, and private events for the user authorizationCode

Source

OAuth Scopes

strava-scopes.yml Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/strava-openapi.yml
schemes:
- name: stravaBearerAuth
  source: openapi/strava-openapi.yml
  flows:
  - flow: authorizationCode
    authorizationUrl: https://www.strava.com/oauth/authorize
    tokenUrl: https://www.strava.com/oauth/token
  description: OAuth 2.0 Bearer token. Obtain via the authorization code flow at https://www.strava.com/oauth/authorize.
scopes:
- scope: activity:read
  description: Read the user's activity data for activities that are visible to Everyone and
    Followers
  flows:
  - authorizationCode
  sources:
  - openapi/strava-openapi.yml
- scope: activity:read_all
  description: Same access as activity:read with the addition of activities with visibility
    set to Only You
  flows:
  - authorizationCode
  sources:
  - openapi/strava-openapi.yml
- scope: activity:write
  description: Access to create manual activities and uploads, and access to edit any activities
    that are visible to the app
  flows:
  - authorizationCode
  sources:
  - openapi/strava-openapi.yml
- scope: profile:read_all
  description: Read all profile information even if the user has set their profile visibility
    to Followers or Only You
  flows:
  - authorizationCode
  sources:
  - openapi/strava-openapi.yml
- scope: profile:write
  description: Update the user's weight and Functional Threshold Power (FTP), and access to
    star or unstar segments on their behalf
  flows:
  - authorizationCode
  sources:
  - openapi/strava-openapi.yml
- scope: read
  description: Read public segments, public routes, public profile data, public posts, public
    events, club feeds, and leaderboards
  flows:
  - authorizationCode
  sources:
  - openapi/strava-openapi.yml
- scope: read_all
  description: Read private routes, private segments, and private events for the user
  flows:
  - authorizationCode
  sources:
  - openapi/strava-openapi.yml