> ## Documentation Index
> Fetch the complete documentation index at: https://docs.crossmint.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Scopes

> Enabling required permissions for API calls

Below is a complete list of the API scopes available. You can also find the scope a specific API requires in the [API Reference](/api-reference/introduction) section.

## Wallet APIs

| Scope                         | Description                                        | Server Key | Client Key |
| ----------------------------- | -------------------------------------------------- | ---------- | ---------- |
| `wallets.read`                | Retrieve all wallets for a user.                   | ✅          | ✅          |
| `wallets.create`              | Create a wallet for a user.                        | ✅          | ✅          |
| `wallets:nfts.read`           | Fetch the NFTs owned by a specific wallet address. | ✅          | ✅          |
| `wallets:balance.read`        | Get the balance of a specific wallet address.      | ✅          | ✅          |
| `wallets:transactions.create` | Create a transaction from a user's wallet.         | ✅          | ✅          |
| `wallets:transactions.sign`   | Sign a transaction from a user's wallet.           | ✅          | ✅          |
| `wallets:transactions.read`   | Read transactions from a user's wallet.            | ✅          | ✅          |
| `wallets:signatures.create`   | Create a signature for a wallet.                   | ✅          | ✅          |
| `wallets:signatures.read`     | Read a signature for a wallet.                     | ✅          | ✅          |
| `wallets.fund`                | Send funds to a wallet.                            | ✅          | ✅          |
| `wallets:nfts.transfer`       | Transfer an NFT from a user's wallet.              | ✅          |            |
| `wallets:messages.sign`       | Sign a message from a user's wallet.               | ✅          |            |

<Note>When using the [Wallets SDK](/sdk-reference/wallets/typescript/overview) you ***must*** use a client-side API key.</Note>

## Authentication

| Scope          | Description                           | Server Key | Client Key |
| -------------- | ------------------------------------- | ---------- | ---------- |
| `users.create` | Create users / allow them to sign up. |            | ✅          |
| `users.read`   | Get profile info for user accounts.   |            | ✅          |

## Tokenization (Minting) APIs

| Scope                          | Description                                                                | Server Key | Client Key |
| ------------------------------ | -------------------------------------------------------------------------- | ---------- | ---------- |
| `nfts.create`                  | Mint your NFTs and deliver them to a wallet or to an email address.        | ✅          |            |
| `nfts.update`                  | Update a minted NFT's metadata on IPFS (image, description, name...).      | ✅          |            |
| `nfts.read`                    | Retrieve all metadata for an NFT.                                          | ✅          |            |
| `nfts.delete`                  | Burn a specific NFT within a collection.                                   | ✅          |            |
| `nfts.transfer`                | Transfer an NFT to a different wallet.                                     | ✅          |            |
| `collections.create`           | Create a collection of NFTs.                                               | ✅          |            |
| `collections.update`           | Update information for an existing collection (image, name, royalties...). | ✅          |            |
| `collections.read`             | Retrieve the information about a specific collection.                      | ✅          |            |
| `credentials.read`             | Fetch credentials, some endpoints will only work with a server side key.   | ✅          | ✅          |
| `credentials.decrypt`          | Decrypt credentials, mainly used by our client side SDK.                   | ✅          | ✅          |
| `credentials:templates.create` | Create a template for your credentials.                                    | ✅          |            |
| `credentials.create`           | Issue your credentials and create credential types                         | ✅          |            |
| `credentials.delete`           | Revoke a credential issued to a subject.                                   | ✅          |            |

## Checkout APIs

| Scope           | Description                                     | Server Key | Client Key |
| --------------- | ----------------------------------------------- | ---------- | ---------- |
| `orders.create` | Create an order for headless checkout.          | ✅          | ✅          |
| `orders.read`   | Get an existing order for headless checkout.    | ✅          | ❌          |
| `orders.update` | Update an existing order for headless checkout. | ✅          | ❌          |

<Note>
  Client-side API keys only have access to the `orders.create` scope. When reading or updating order status from the
  client-side, you must pass the `clientSecret` returned in the create-order call as an `authorization` header for
  subsequent order operations (get-order, update-order). The `clientSecret` provides the authorization and an API Key
  is not required in this use case. See [this
  guide](/payments/headless/guides/client-or-server#client-side-example-code) in the Headless Checkout docs.
</Note>

## Project Administration

| Scope                 | Description                                       | Server Key | Client Key |
| --------------------- | ------------------------------------------------- | ---------- | ---------- |
| `billing.readonly`    | Get balance in credits for a project.             | ✅          |            |
| `projects:usage.read` | Get usage for the different products in a project | ✅          |            |