User roles and permissions
Most Brex APIs require a Brex admin to grant access. In these cases, only users with the account admin role can be authenticated.
Additionally:
- Bookkeepers may access the accounting API.
- Partners using the onboarding API authenticate with a Client Credentials Grant; there is no user associated with this API access.
Scopes
Scopes define which endpoints your app has access to. You will specify your scopes when generating your user token.
For more information on how scopes work in general, see the OAuth website.
Scopes are additive
As a general security practice, you should request the minimum set of scopes required for whatever action the user is performing. For instance, if you are building a simple app that lists all of a company's cards, you should request the cards.readonly scope. Since you are not modifying any data, you only need the readonly version of the cards scope.
If you later want to add new functionality that requires fetching user information, or make updates to cards, you can request those scopes (users, cards), which will send the user through the authentication flow again and add those scopes to their previously consented scopes.
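The least-privilege and additive-scope practice described above, as an added example (not Brex code): it derives the minimal scope set for the enabled features, works out which scopes still need consent, and flags over-broad requests. The scope names are the user scopes from the Payments, Team and Transactions tables on this page; the feature names and their scope mapping are hypothetical.

```python
# Scope names come from the tables on this page. The feature names and the
# feature-to-scope mapping are hypothetical, made up for this example.
AUTO_SCOPES = {"openid", "offline_access"}  # included automatically in user tokens
KNOWN_SCOPES = AUTO_SCOPES | {
    "vendors.readonly", "vendors", "transfers.readonly", "transfers",
    "users.readonly", "users", "locations.readonly", "locations",
    "departments.readonly", "departments", "cards.readonly", "cards",
    "cards.pan", "companies.readonly", "transactions.cash.readonly",
    "accounts.card.readonly", "accounts.cash.readonly",
    "statements.card.readonly",
}
FEATURE_SCOPES = {  # hypothetical app features
    "list_cards": {"cards.readonly"},
    "show_cardholders": {"cards.readonly", "users.readonly"},
    "lock_card": {"cards"},
}

def required_scopes(features):
    """Union of the scopes the enabled features need, checked against the list above."""
    needed = set()
    for feature in features:
        needed |= FEATURE_SCOPES[feature]
    unknown = needed - KNOWN_SCOPES
    if unknown:
        raise ValueError(f"unknown scopes: {sorted(unknown)}")
    return needed

def scopes_to_request(features, consented):
    """Scopes are additive: ask only for what has not been consented to yet.
    An empty result means no new trip through the authentication flow."""
    return required_scopes(features) - set(consented) - AUTO_SCOPES

def excess_scopes(requested, features):
    """Flag requested scopes that no enabled feature needs."""
    needed = required_scopes(features)
    findings = {}
    for scope in set(requested) - needed - AUTO_SCOPES:
        if scope not in KNOWN_SCOPES:
            findings[scope] = "not a scope listed on this page"
        elif scope + ".readonly" in needed:
            findings[scope] = f"{scope}.readonly is sufficient"
        else:
            findings[scope] = "not needed by any enabled feature"
    return findings

def scope_param(scopes):
    """OAuth 2.0 sends scopes as one space-delimited string."""
    return " ".join(sorted(scopes))
```

Running `excess_scopes` over the scope list in a pull request or app configuration catches a write scope or `cards.pan` slipping into an app that only reads card data.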
User scopes
At the beginning of each API reference, there is a list of the scopes required for that given API. They are also listed here for convenience.
Authentication
These 2 scopes are included automatically in user tokens.
openid | Make an OpenID Connect request
offline_access | Obtain an OAuth 2.0 refresh token
Onboarding API
https://onboarding.brexapis.com/referrals | View and manage referrals
Payments API
vendors.readonly | View vendor data
vendors | View and manage vendor data
transfers.readonly | View existing transfers
transfers | View and manage transfers
Team API
users.readonly | View user data
users | View and manage user data
locations.readonly | View location data
locations | View and manage location data
departments.readonly | View department data
departments | View and manage department data
cards.readonly | View card data
cards | View and manage card data
cards.pan | View card number data
companies.readonly | View company data
Transactions API
transactions.cash.readonly | View cash transaction data
accounts.card.readonly | View card accounts
accounts.cash.readonly | View cash accounts
statements.card.readonly | View card statement data
Accounting API (Legacy support)
https://accounting.brexapis.com/cash | Brex Cash account access
https://accounting.brexapis.com/card | Brex Card account access