Common Model and Field Scopes

Control which Common Models and fields you sync in your Merge app

Abe Chen avatar
Written by Abe Chen
Updated this week

Introduction

Data security is a top priority at Merge, and we know it is for you too! Scopes allows for precise control over data, ensuring that only relevant Common Models and fields are synced through Merge.


Below, you’ll find features and endpoints related to two levels of Scopes.

  • Default Scopes apply to all new Linked Accounts for a given category

  • Linked Account Scopes apply only to a specific end user (Linked Account).

The Scopes applied to a Linked Account are first determined by the Linked Account Scopes, and fall back to Default Scopes for any that haven’t been set.

Data Minimization

Disabling Scopes: Fully disabling a Common Model Scope will also disable all of its associated fields. Disabled Scopes means that Merge will no longer make any requests to fetch the associated data.

Auto disabling: Model or fields that are not actively used will be auto disabled after 90 days of inactivity (no API requests to the respective model or field).

Data deletion: After a set of Common Model or field Scopes have been disabled for 30 days, we will automatically delete all of the associated data. To re-fetch this data, enable the Scopes and it will automatically populate after the next scheduled sync.

How do I check what data is passed through Merge?

You can check the Scopes tab in your Merge Dashboard to see the various access levels per Common Model and field.

How can I control what data is passed through Merge?

If you want to adjust the Scopes for a model, first switch the blue toggle on the top right from "Viewing" to "Editing". Disabling a Common Model or field means that Merge will not make any API requests to get the associated data and no longer store that data to our database.

Pricing: All Merge users will have access to Common Model Scopes.
Only Professional & Enterprise plan users will be able to adjust field level Scopes.

What if my users require different levels of access?

You can also enable Scopes functionality with our prebuilt Dashboard and Link UI. You can adjust your users' Scopes setting under their Linked Account -> Data Tab.

New Linked Accounts will follow the default Scopes set per category unless you explicitly override those preferences on a per Linked Account basis. Once you override a Linked Account Scopes it will be fixed unless you "reset to org default".

Enterprise Plan Scopes Features

The following Scopes features - Scopes via API and User Configurable Scopes are only available on an Enterprise plan.

User Configurable Scopes

To give your users control over their Scopes during the linking flow simply mark the model or field as optional in Dashboard. Models and fields that are marked as optional will be enabled by default but able to be disabled by your users prior to connecting.

Can I control data access programatically?

Yes! You can configure Scopes programatically with our API. You can configure Scopes programmatically for a specific user before or after they link. See our API documentation to learn more.

  1. Before Linking: POST /link-token

Did this answer your question?