XWMS Docs xwms.nl
On this page Clients Domains Scopes Review checklist

XWMS API Clients Domains and Scopes

How XWMS API client configuration works.

Clients, Domains, and Scopes

XWMS API access is built around clients, domains, and scopes.

Clients

A client represents an application, website, or integration. It has credentials, settings, and allowed domains.

Domains

Domains tell XWMS where the client is allowed to operate. API requests include client headers and domain context so XWMS can enforce the correct access rules.

Scopes

Scopes define what a client may access. Examples include profile information, addresses, payment-related data, or other user-specific resources.

Users approve access before a client can use protected scopes.

Review checklist

  • Client is active.
  • Domain is verified and active.
  • Client secret is not exposed in frontend code.
  • Required scopes are enabled.
  • User has approved the required scope.
  • Test/live mode matches the request context.