Attio OAuth scopes — Foyai docs (v1)

Scopes Foyai requests at install

The exact set, with what each is used for:

Scope

Used for

record:read

Read companies, deals, people. Power room auto-build (research, stakeholders, deal context).

record:write

Write the foyai_* attributes on Deals. Link stakeholders to companies.

object_configuration:read

Read your workspace's object + attribute configuration so provisioning is idempotent.

object_configuration:write

Create the foyai_room custom object + five foyai_* Deal attributes on install.

note:read / note:write

Read call notes (intelligence pass) and write Foyai-authored notes on Deals (engagement summaries, room links).

task:read / task:write

Bi-directional Mutual Action Plan ↔ Attio task sync.

list_entry:read

Detect when a deal moves into a list relevant to room creation (e.g., a renewals pipeline).

workspace_member:read

Map Attio members to Foyai users for seat provisioning + audit trails.

webhook:read / webhook:write

Subscribe to the Attio webhooks listed on the setup page.

What Foyai does not request

No access to your email or calendar — Foyai is not an email client.
No access to other workspaces — installs are workspace-scoped.
No legacy "read_write" generic scope.

Adding or changing scopes

If a future Foyai release needs a new scope, the install banner inside the app will surface a re-authorization prompt with the exact new scope listed. Until you re-authorize, the new feature is disabled — but the rest of Foyai keeps working with the current scope set.

Attio OAuth scopes.

Scopes Foyai requests at install

What Foyai does not request

Adding or changing scopes

Related