Scopes
OAuth2 scopes used by the Data API
Scopes control which categories of data a client (and its tokens) can access. Users always see a consent screen for newly requested scopes.
Categories
Mandatory OpenID / user identity scopes (standard):
- openid
- profile
- email
- offline_access (needed for refresh tokens)
Data API specific scopes (grant read access to matching category):
- data-api-user-read (basic user context; required baseline)
- data-api-homes-read (list homes)
- data-api-vehicles-read (vehicles)
- data-api-chargers-read (EV chargers / EVSE)
- data-api-thermostats-read (thermostats, heat pumps, space heaters, similar)
- data-api-energy-systems-read (batteries, hybrid systems; umbrella)
- data-api-inverters-read (legacy inverter category)
A device only appears if the access token includes the category scope that covers it.
Choosing scopes
You can pick the smallest set your app actually needs. You can request more later; the user is prompted only for the new scopes, but be aware that they have to initiate the re-authorization. It is up to you to balance user experience, security and your app's needs.
Tokens and scopes
A token's granted scopes are embedded at issue time. Adding scopes to an existing client does not retroactively change already issued tokens; you must re-run the flow.
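The following is an added example, not code from the Data API documentation: it builds the smallest scope list for the device categories an app uses and checks an already issued token's grant against it, to decide whether the flow has to be re-run. The scope names come from the list above; the function names, the short category keys, and the assumption that the granted scopes are available as a space-delimited string (the standard `scope` field of an OAuth2 token response) are illustrative.

```python
# Added example. Scope names are from this page; all other names are hypothetical.
IDENTITY_SCOPES = ["openid", "profile", "email", "offline_access"]
BASELINE_SCOPE = "data-api-user-read"
CATEGORY_SCOPES = {  # short category key (hypothetical) -> scope from the page
    "homes": "data-api-homes-read",
    "vehicles": "data-api-vehicles-read",
    "chargers": "data-api-chargers-read",
    "thermostats": "data-api-thermostats-read",
    "energy-systems": "data-api-energy-systems-read",
    "inverters": "data-api-inverters-read",
}


def required_scopes(categories):
    """Smallest scope list for the given device categories, in a stable order."""
    wanted = set(categories)
    unknown = sorted(wanted - set(CATEGORY_SCOPES))
    if unknown:
        raise ValueError(f"unknown categories: {unknown}")
    scopes = IDENTITY_SCOPES + [BASELINE_SCOPE]
    scopes += [scope for cat, scope in CATEGORY_SCOPES.items() if cat in wanted]
    return scopes


def plan_reauthorization(granted_scope, categories):
    """Compare a token's granted scopes with what the app needs now.

    granted_scope: space-delimited scopes embedded in the token at issue time
    (assumed to be read from the token response's `scope` field).
    Returns (missing, granted_categories, scope_param). scope_param is the
    value for the `scope` parameter of a new authorization request, or None
    when the existing token already covers every requested category.
    """
    granted = set(granted_scope.split())
    needed = required_scopes(categories)
    missing = [s for s in needed if s not in granted]
    granted_categories = [c for c, s in CATEGORY_SCOPES.items() if s in granted]
    scope_param = " ".join(needed) if missing else None
    return missing, granted_categories, scope_param


# Constructed sample: a grant issued before the app started using chargers.
OLD_GRANT = ("openid profile email offline_access data-api-user-read "
             "data-api-homes-read data-api-vehicles-read")
```

A non-empty `missing` list means the existing token will not show devices in those categories until the user re-authorizes with `scope_param`.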
Revoking
Removing a client (or altering scopes and re‑authorizing) effectively limits future access. Already issued tokens expire naturally.
Next
Jump back to the Quick start.
