Which OAuth permissions are required for the app?

OAuth scopes allow us to specify exactly how an app needs to access a user’s monday.com and Microsoft 365 accounts.

Scopes for Microsoft 365

The scopes listed below are all the Microsoft Graph OAuth scopes that the app does use.

Scope	Description	Why used
`openid`	Sign users in	To sign-in to Microsoft 365
`offline_access`	Maintain access to data you have given it access to	Allows the user to sign in to Microsoft 365 a single time and then use that
`profile`	View users' basic profile	To view the profile details associated with your Microsoft 365 user.
`email`	View users' email address	To view the email address associated with your Microsoft 365 user.
`User.Read`	Sign in and read user profile	To view who you are signed into Microsoft 365 as.
`Files.ReadWrite.All`	Have full access to all files user can access	To access SharePoint and OneDrive for Business files and folders.
`Sites.ReadWrite.All`	Allows the application to edit or delete documents and list items in all site collections on behalf of the signed-in user.	To access SharePoint and OneDrive for Business files and folders.
`Mail.Send`	Send mail as a user	To send emails on the behalf of the Microsoft 365 user.

A full list of Microsoft Graph permissions is available in the Microsoft Graph permissions reference.

The scopes listed below are all the monday.com OAuth scopes that the app does use.

Scope	Description	Why used
`me:read`	Read a user's profile information	Used by data export automations to display user data
`boards:read`	Read user's boards data	Used by data export automations: Templated document generation – Export to Word Templated HTML email generation Export board data to Excel
`boards:write`	Modify user's boards data	Used by data import automations: Import board data from Excel
`workspaces:read`	Read user's workspaces data
`users:read`	Read the profile information of the users on the account	Used by data export automations to populate the data for columns of type People
`account:read`	Read general information about the account	Used by data export automations to display account data
`updates:read`	Read updates and replies the user can see	Used by Export/sync files attached to updates into SharePoint
`assets:read`	Read information of assets that the user has access to	Used by Secure Embed • Microsoft 365 Export/sync files attached to updates into SharePoint
`teams:read`	Read information about teams in the account	Used by data export automations to populate the data for columns of type People

The scopes listed below are all the monday.com OAuth scopes that the app does not use.

Scope	Description
`docs:read`	Read user's docs
`docs:write`	Modify user's docs
`workspaces:write`	Modify user's workspaces data
`users:write`	Modify the profile information of the users on the account
`notifications:write`	Send notifications on behalf of the user
`updates:write`	Post or edit updates on behalf of the user
`tags:read`	Read the tags of the account
`webhooks:write`	Create and modify webhooks
`webhooks:read`	Read existing webhooks configuration