Scopes

Scopes control what data your credential can access. When creating an API key or OAuth2 credential, select only the scopes your application needs.

Available Scopes

Read scopes grant access to single-item lookup and batch lookup endpoints.

Scope	Description
`ndc.read`	Look up NDC drug data
`npi.read`	Look up NPI provider data
`rxnorm.read`	Look up RxNorm data
`loinc.read`	Look up LOINC codes
`icd10.read`	Look up ICD-10 codes
`cvx.read`	Look up CVX vaccine codes
`mvx.read`	Look up MVX manufacturer codes
`fda-label.read`	Look up FDA drug labels
`snomed.read`	Look up SNOMED CT concepts and mappings
`connectivity.read`	Look up provider connectivity and FHIR endpoints
`claims.read`	Look up CMS claims data (NCCI, MUE, PFS/RVU, coverage)

Search scopes grant access to full-text search endpoints. These are separate from read scopes because search operations are more resource-intensive.

Scope	Description
`ndc.search`	Search NDC drug products
`npi.search`	Search NPI providers
`rxnorm.search`	Search RxNorm drugs
`loinc.search`	Search LOINC codes
`icd10.search`	Search ICD-10 codes
`cvx.search`	Search CVX vaccine codes
`mvx.search`	Search MVX manufacturer codes
`fda-label.search`	Search FDA drug labels
`snomed.search`	Search SNOMED CT IPS concepts

Lookup endpoints (e.g., GET /v1/ndc/:code) require the corresponding .read scope
Search endpoints (e.g., GET /v1/ndc/search) require the corresponding .search scope
If your credential lacks a required scope, the API returns a 403 Forbidden error with the required scope
New credentials include both read and search scopes by default
You can create credentials with specific scopes in the Dashboard

Use minimal scopes — Only request the scopes your application actually needs
Separate credentials per service — If you have multiple services, give each its own credential with only the scopes it requires
Audit regularly — Review your credentials and remove any that are no longer in use