Drive API Scopes and Permissions
This reference covers the 9 Drive scopes, plan and add-on access, mailbox constraints, and safe token design for TrekMail Drive.
Article details
- Type: Reference
- Difficulty: Intermediate
- Plans: Starter · Pro · Agency · + Drive Add-on
- Last updated: May 9, 2026
Drive scopes decide exactly what an API token or MCP agent can do with TrekMail Drive. A good token is narrow: it has the smallest set of scopes needed for one job, a clear name, and an expiration date.
The Drive API adds 9 scopes across Account Drive, mailbox Drive, share links, permanent delete, and read-only Drive Add-on status. These scopes belong to ops tokens (tm_live_...). Message tokens (tm_msg_...) are still for email operations.
Scope reference
| Scope | Use it for | Notes |
|---|---|---|
| drive:account:read | List Account Drive spaces, folders, files, trash, usage, and download links | Safe default for reporting and search agents |
| drive:account:write | Create folders, upload files, rename, move, trash, and restore in Account Drive | Mutates files but does not permanently delete |
| drive:account:share | Create, list, and revoke public share links for Account Drive files | Raw share tokens are returned only when created |
| drive:account:purge | Permanently purge trashed Account Drive items and empty trash | High-risk scope; grant only to trusted maintenance agents |
| drive:mailbox:read | Browse mailbox Drive spaces allowed by the token | Can be narrowed with mailbox constraints |
| drive:mailbox:write | Upload and manage files in allowed mailbox Drive spaces | Mutates mailbox-owned Drive data |
| drive:mailbox:share | Create, list, and revoke public links for allowed mailbox files | Use with clear expiry and download limits |
| drive:mailbox:purge | Permanently purge trashed mailbox Drive files and folders | High-risk scope; keep separate from daily automation |
| drive:addon:read | Read Drive Add-on status, pricing, and cancellation preview | Read-only; no subscription mutations |
Read, write, share, purge
Drive separates common tasks into four permission levels:
- Read can list spaces, browse folders, inspect metadata, view trash, and request download URLs.
- Write can upload, create folders, rename, move, trash, and restore.
- Share can create, list, and revoke public share links.
- Purge can permanently delete trashed items or empty trash.
Do not give purge to a general-purpose assistant. If you need automated cleanup, create a separate token named for that job, keep it disabled in MCP until needed, and review the audit log after each run.
Plan and add-on access
Drive API access is available when the account has Drive entitlement through a paid plan or an active Drive Storage Add-on. A free account with an active add-on can use Drive scopes for storage automation, similar to how Email Verifier scopes are available independently of full infrastructure API access.
If a Drive Add-on is canceled and enters its grace window, read access can remain available so files can be reviewed and exported. Write, share, and purge access may be restricted until the account returns to an active storage state.
Account Drive versus mailbox Drive
Account Drive scopes and mailbox Drive scopes are intentionally separate. A billing or operations agent may need Account Drive only. A mailbox assistant may need access to one mailbox Drive and nothing else.
Use mailbox constraints when creating a token for mailbox automation. A constrained token can only see allowed mailbox spaces. Requests for other mailboxes return a not-found style response, which avoids leaking account structure to a narrowly scoped integration.
Drive Add-on scope is read-only
drive:addon:read lets an agent read add-on status, pricing, and cancellation preview. It cannot buy storage, resize an add-on, cancel a subscription, or trigger a payment action.
That boundary is deliberate. Storage billing changes stay in the dashboard, where a human can review capacity, price, currency, billing period, and payment confirmation. There is no drive:addon:write scope.
Recommended token patterns
| Workflow | Recommended scopes | Avoid |
|---|---|---|
| Reporting agent | drive:account:read, maybe drive:mailbox:read | write/share/purge |
| Upload automation | drive:account:read, drive:account:write | purge |
| Client delivery links | drive:account:read, drive:account:share | purge unless cleanup is separate |
| Mailbox assistant | drive:mailbox:read, maybe drive:mailbox:write, constrained to one mailbox | account-wide scopes |
| Cleanup job | read/write plus the exact purge scope required | broad unconstrained tokens |
| Storage monitor | drive:addon:read, drive:account:read | billing writes, not available by API |
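A pre-creation check for the patterns in the table above, as an added example that is not TrekMail code. The token-definition fields (name, kind, scopes, mailboxes, expires_at) are hypothetical names, and the sample definitions are constructed.

```python
from datetime import datetime, timezone

# The 9 Drive scopes from the scope reference on this page.
DRIVE_SCOPES = {f"drive:{area}:{level}" for area in ("account", "mailbox")
                for level in ("read", "write", "share", "purge")} | {"drive:addon:read"}


def lint_token(token, now=None):
    """Return least-privilege findings for one planned token definition.
    The dict fields (name, kind, scopes, mailboxes, expires_at) are
    hypothetical names for this example, not TrekMail's API schema.
    """
    now = now or datetime.now(timezone.utc)
    drive = {s for s in token.get("scopes", []) if s.startswith("drive:")}
    findings = [f"unknown scope: {s}" for s in sorted(drive - DRIVE_SCOPES)]
    if drive and token.get("kind") != "ops":
        findings.append("Drive scopes belong to ops tokens, not message tokens")
    if not token.get("name", "").strip():
        findings.append("token has no clear name")
    expires = token.get("expires_at")
    if expires is None:
        findings.append("no expiration date")
    elif expires <= now:
        findings.append("expiration date is in the past")

    purge = {s for s in drive if s.endswith(":purge")}
    if purge and any(s.endswith(":share") for s in drive):
        findings.append("purge combined with share: move cleanup to its own token")
    if len(purge) > 1:
        findings.append("several purge scopes: grant only the exact one required")
    if any(s.startswith("drive:mailbox:") for s in drive) and not token.get("mailboxes"):
        findings.append("mailbox scopes without mailbox constraints")
    return findings


# Constructed sample definitions and a constructed "current" time (not real tokens).
NOW = datetime(2026, 5, 9, tzinfo=timezone.utc)
EXPIRY = datetime(2026, 12, 31, tzinfo=timezone.utc)
SAMPLES = [
    {"name": "reporting-agent", "kind": "ops", "expires_at": EXPIRY,
     "scopes": ["drive:account:read"]},
    {"name": "general-assistant", "kind": "ops", "expires_at": None,
     "scopes": ["drive:mailbox:write", "drive:account:share",
                "drive:account:purge", "drive:addon:write"]},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample["name"], lint_token(sample, now=NOW))
```

The second sample is flagged four times: the nonexistent drive:addon:write scope, the missing expiration, purge held alongside share, and mailbox scopes with no mailbox constraint.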
What happens when a scope is missing
If a token lacks the required Drive scope, the API returns a permission error. If the token is constrained away from a mailbox or resource, the API may return not found. This protects private account structure from integrations that should not know it.