Skip to main content

Documentation Index

Fetch the complete documentation index at: https://support.affinity.co/llms.txt

Use this file to discover all available pages before exploring further.

Reference — lookup information.
Affinity offers two syncing methods for Office365 / Azure users: OAuth 2.0 (delegated) and client credential (application). Depending on the method, Affinity will request slightly different MS Graph API scopes/permissions to sync your email/calendar data. Please also note that there are read and readbasic variants. Readbasic limits the amount of data that is available for Affinity to ingest, this includes items such as email bodies, subject lines, and event titles.

Overview

  • Method #1a - Microsoft OAuth 2.0 (delegated)
    • Method #1b - Microsoft Oauth 2.0 readbasic (delegated)
  • Method #2a - Client Credential (application)
    • Method #2b - Client Credentials readbasic (application)
    • Important callout for Client Credential

Method #1a - Microsoft OAuth 2.0 (delegated)

If you’re using Microsoft OAuth 2.0, here are the scopes/permissions that Affinity will request:
  • User.Read
    • Allows users to sign in to the app and enable the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users.
  • Mail.Read
    • Allows the app to read email in the user’s mailbox.
  • Calendars.Read
    • Allows the app to read events in the user’s calendar.
  • Mail.Send
    • Allows the app to send mail as the user without a signed-in user.
  • offline_access
    • Allows the app to continuously sync your email/calendar data without the need for user interaction.
  • Profile
    • Allows the app to see your users’ basic profile (name, picture, user name).
  • OpenID
    • By using this permission, an app can receive a unique identifier for the user in the form of the subclaim. The consent also gives the app access to the UserInfo endpoint. The OpenID scope can be used at the Microsoft identity platform token endpoint to acquire ID tokens. The app can use these tokens for authentication.
  • Email
    • Allows the app to read your user’s primary email address.

Method #1b - Microsoft OAuth 2.0 readbasic (delegated)

If you’re using Microsoft OAuth 2.0, here are the scopes/permissions that Affinity will request:
  • User.Read
  • Mail.Readbasic
    • Allows the app to read email in the user’s mailbox except body, previewBody, attachments and any extended properties.
  • Calendars.Read
  • offline_access
  • Profile
  • OpenID
  • Email

Method #2a - Client Credential (application)

Please note that this is only available for our Enterprise tier customers. Here are the scopes/permissions that Affinity will request:
  • Mail.Read
    • Allows the app to read mail in all mailboxes without a signed-in user.
  • Mail.send
    • Allows the app to send mail as any user without a signed-in user.
  • Calendars.read
    • Allows the app to read events of all calendars without a signed-in user.
  • Organization.read.all
    • Allows the app to read the organization and related resources on behalf of the signed-in user.
  • User.read.all
    • Allows the app to read the full set of profile properties, group membership, reports, and managers of other users in your organization without a signed-in user.

Method #2b - Client Credential readbasic (application)

Please note that this is only available for our Enterprise tier customers. Here are the scopes/permissions that Affinity will request for readbasic:
  • Mail.Readbasic
    • Allows the app to read basic mail in all mailboxes without a signed-in user. Includes all properties except body, previewBody, attachments and any extended properties.
  • Mail.send
  • Calendars.read
  • Organization.read.all
  • User.read.all

Important callout for Client Credential