Common Model and Field Scopes

Control which Common Models and fields you sync in your Merge app

Abe Chen avatar
Written by Abe Chen
Updated this week

Introduction

Data security is a top priority at Merge, and we know it is for you too! Scopes allows for precise control over data, ensuring that only relevant Common Models and fields are synced through Merge.


Below, you’ll find features and endpoints related to two levels of Scopes.

  • Default Scopes apply to all new Linked Accounts for a given category

  • Linked Account Scopes apply only to a specific end user (Linked Account).

The Scopes applied to a Linked Account are first determined by the Linked Account Scopes, and fall back to Default Scopes for any that haven’t been set.

Data Minimization

Disabling Scopes: Fully disabling a Common Model Scope will also disable all of its associated fields. Disabled Scopes means that Merge will no longer make any requests to fetch the associated data.

Auto disabling: Model or fields that are not actively used will be auto disabled after 90 days of inactivity (no API requests to the respective model or field).

Data deletion: After a set of Common Model or field Scopes have been disabled for 30 days, we will automatically delete all of the associated data. To re-fetch this data, enable the Scopes and it will automatically populate after the next scheduled sync.

How do I check what data is passed through Merge?

You can check the Scopes tab in your Merge Dashboard to see the various access levels per Common Model and field.

How can I control what data is passed through Merge?

If you want to adjust the Scopes for a model, first switch the blue toggle on the top right from "Viewing" to "Editing". Disabling a Common Model or field means that Merge will not make any API requests to get the associated data and no longer store that data to our database.

Pricing: All Merge users will have access to Common Model Scopes.
Only Professional & Enterprise plan users will be able to adjust field level Scopes.

What happens after I enable new scopes?

By default, Merge will only sync data that has changed since the last sync. However, after enabling a new scope, Merge will warn you that a new sync from start will take place:

This means that after you make changes to the scopes, a more comprehensive sync takes place. In this sync, Merge will again fetch all items from your linked accounts regardless of the date of the last change. This is done to populate the previously disabled fields for all items.

Depending on the amount of data being synchronized and the rate limits imposed by our integration partners, this sync will take longer than a regular sync.

You can continue to work with your account data while the sync is in progress, but the newly added data will not be available for all items until the sync is complete.

What if my users require different levels of access?

You can also enable Scopes functionality with our prebuilt Dashboard and Link UI. You can adjust your users' Scopes setting under their Linked Account -> Data Tab.

New Linked Accounts will follow the default Scopes set per category unless you explicitly override those preferences on a per Linked Account basis. Once you override a Linked Account Scopes it will be fixed unless you "reset to org default".

Enterprise Plan Scopes Features

The following Scopes features - Scopes via API and User Configurable Scopes are only available on an Enterprise plan.

User Configurable Scopes

To give your users control over their Scopes during the linking flow simply mark the model or field as optional in Dashboard. Models and fields that are marked as optional will be enabled by default but able to be disabled by your users prior to connecting.

Can I control data access programatically?

Yes! You can configure Scopes programatically with our API. You can configure Scopes programmatically for a specific user before or after they link. See our API documentation to learn more.

  1. Before Linking: POST /link-token

Did this answer your question?