Handling scope changes

A guide for integration partners on how to request scope updates and how these changes impact existing OAuth tokens and user authorization flows.

To change the scopes for your integration (whether adding or removing permissions), for now you must contact the Greenhouse Partner Support team at [email protected]. You cannot modify these scopes yourself.

Once the Greenhouse team processes your request, here is how the changes will affect your existing users and tokens:

1. Adding Scopes

If you request to add new scopes to your application (e.g., adding harvest:candidates:create):

  • Existing Tokens: Your current Access and Refresh tokens remain valid. However, they do not automatically gain the new permissions. They will continue to work only for the scopes they were originally granted.
  • Action Required: To use the new scopes, the user must re-authorize. You must direct the user through the Step 2 (Initiate Connection) flow again. Once they consent to the new permissions, you will receive a new token set that includes the added scopes.

2. Removing Scopes

If you request to remove scopes from your application (e.g., you no longer need harvest:users:list):

  • Immediate Enforcement: Access to the removed scope is revoked immediately upon the update by Greenhouse.
    • Even if a user has a valid, unexpired Access Token, the API performs a real-time check during the request. If the scope has been removed from your client application, the API request will fail with an authorization error.
  • Refresh Tokens: Your stored Refresh Tokens remain valid. You do not need to log the user out.
  • Action Required: No user action is required. The next time your system refreshes the token (Step 6), the new Access Token issued will automatically reflect the reduced permission set.

3. Simultaneous Changes (Add & Remove)

If you submit a request to add some scopes and remove others at the same time:

  • Removals take effect immediately for all users.
  • Additions will not be available until the user re-authorizes the connection.
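The three cases above reduce to a small decision rule an integration can apply before each call: compare the scopes a stored token was granted with the scopes Greenhouse currently has registered on your application and the scopes the call needs. The following is an added example (not Greenhouse's own code); the harvest:candidates:list scope and the dataclass shape are constructed for illustration, while harvest:candidates:create and harvest:users:list come from this guide.

```python
"""Decide what to do after a scope change, following the rules in this guide:
tokens keep only their originally granted scopes, added scopes need user
re-authorization (Step 2), removed scopes are enforced at request time and the
next refresh (Step 6) issues an access token with the reduced set.
Added example, not Greenhouse's own code."""
from dataclasses import dataclass


@dataclass
class TokenSet:
    granted: frozenset      # scopes the user consented to when this set was issued
    expired: bool = False   # whether the access token has expired


def effective_scopes(token, registered):
    """Scopes an access token can still exercise right now.

    The API checks at request time that a scope is still registered on the
    client application, so a granted scope that Greenhouse has since removed
    is unusable even while the token itself is unexpired.
    """
    return token.granted & registered


def next_action(token, registered, required):
    """Return (action, scopes) for the call about to be made.

    registered: scopes currently configured on your application by Greenhouse.
    required:   scopes the integration needs for this call.
    """
    usable = effective_scopes(token, registered)
    missing = required - usable
    unregistered = missing - registered
    if unregistered:
        # Not registered at all: only a request to Partner Support can add it.
        return "request_scope_change", frozenset(unregistered)
    if missing:
        # Registered but never granted to this token: user must consent again.
        return "reauthorize", frozenset(missing)
    if token.expired:
        # Refresh token stays valid; the new access token reflects the reduced set.
        return "refresh", usable
    return "call_api", usable


def after_refresh(token, registered):
    """Model the token set issued by Step 6: same consent, reduced to registered scopes."""
    return TokenSet(granted=token.granted & registered, expired=False)
```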