Infusionsoft OAuth scope & API monitoring

Hi there,

We gave access to some third party applications to our Infusionsoft instance. They authenticate via OAuth and as per my understanding they get full access (given that the only value for the OAuth scope supported by Infusionsoft is “full”). So my first question is about controlling the scope… Is there a way to control what third party applications can access? It seems a bit unsecure to give full read/write access by default to any apps that are authorised to access our Infusionsoft instance.
On top of that, I’m quite keen to understand what are the current mechanism to monitor API calls made by those applications so that we can track what has been accessed/modified and by whom. Is there anything in place in Infusionsoft to log API interactions (e.g. audit log, event log…)?

Thanks for your answer.


As we transition from our Classic data model to more current offerings we are looking at making scope of requested permissions more granular, but at the moment the authorization is the same as whomever is authenticating the request. We do have ways to examine calls on our end, which we use to identify and action against bad actors, but do not provide call auditing at this time as a service.

1 Like

Thanks Tom for you answer.