To use or manage any resource in enablehr, you must use a token with the appropriate scope, and your user account must have appropriate permissions for that resource
To list employees in your account , your token must have the read:employees scope, and your user account must have read permissions for the account
Note: Your OAuth App can request the scopes in the initial redirection. You can specify multiple scopes by separating them with a space using %20:
The scope attribute lists scopes attached to the token that were granted by the user. Normally, these scopes will be identical to what you requested. However, users can edit their scopes, effectively granting your application less access than you originally requested. You should be aware of this possibility and adjust your application's behavior accordingly.
It's important to handle error cases where a user chooses to grant you less access than you originally requested. For example, applications can warn or otherwise communicate with their users that they will see reduced functionality or be unable to perform some actions.
Also, applications can always send users back through the flow again to get additional permission, but don’t forget that users can always say no.