Xoxoday · OAuth Scopes

Xoxoday OAuth Scopes

OAuth 2.0 searched

Xoxoday publishes 2 OAuth 2.0 scopes via the clientCredentials flow. Scopes are the fine-grained permissions an application requests at authorization time to act against the Xoxoday API on a user’s behalf.

Tokens are issued from https://accounts.xoxoday.com/chef/v1/oauth/token.

This index is generated from the provider’s OpenAPI security definitions (and, where available, its documented scope reference) and refreshes on every APIs.io network build. Browse every provider’s scopes at scopes.apis.io.

RewardsEmployee EngagementGift CardsIncentivesLoyaltyRecognitionDigital RewardsPoints ProgramsRedemptionFintech
Scopes: 2 Flows: clientCredentials Method: searched

OAuth endpoints

Token URL
https://accounts.xoxoday.com/chef/v1/oauth/token
Flows
clientCredentials

Scopes (2)

ScopeDescriptionFlows
user_session Company scope used only for the case of Company access_token generation; compulsory when the authorization request is for company session generation.
company_session Company scope for StoreFront OAuth authorization requests.

Source

OAuth Scopes

xoxoday-scopes.yml Raw ↑
generated: '2026-07-11'
method: searched
source: openapi/openapi.yml
docs: https://xoxoday.gitbook.io/plum/developer-resources/storefront-integration/api-endpoints/authorization
schemes:
- name: oauth2ClientCredentials
  source: openapi/openapi.yml
  flows:
  - flow: clientCredentials
    tokenUrl: https://accounts.xoxoday.com/chef/v1/oauth/token
scopes:
- scope: user_session
  description: Company scope used only for the case of Company access_token generation;
    compulsory when the authorization request is for company session generation.
  sources:
  - https://xoxoday.gitbook.io/plum/developer-resources/storefront-integration/api-endpoints/authorization
- scope: company_session
  description: Company scope for StoreFront OAuth authorization requests.
  sources:
  - https://xoxoday.gitbook.io/plum/developer-resources/storefront-integration/api-endpoints/authorization
note: Scopes apply to Xoxoday's StoreFront authorization-code OAuth flow; the Rewards
  API client-credentials flow (https://developers.xoxoday.com/docs/authentication-2)
  documents no scopes, with access controlled by client credentials and IP whitelisting.