# Token scopes

The InEvent **Access Token** has a few different scopes that limits its usage for certain endpoints and operations. Depending on the scope in use, you might get different responses for the same `API call`, usually with limited information for the given scope.

### System scope

This is the scope that gives full access to all your **Access Token** capabilities, essentially allowing it to do all operations that **Access Token** is allowed to. If you are an administrator of a `Company` or an `Event`, this scope will give full access to all data contained in those modules.

### Event scope

This scope gives you limited access to a single `Event` your **Access Token** can access. When accessing it using credentials limited to the **Event scope**, in case your user has `Admin` permission level on the Event environment, it will be automatically downgraded to `User` permission level. To gain full `Admin` permission level on the Event environment, you must use credentials associated to the **System scope**.

### How to differentiate scopes

The **System scope** is accessible through the `person.signIn` endpoint without using the `eventID` query attribute. Also, it has its own password specific for its scope.

The **Event scope** is accessible through the `person.signIn` endpoint while using the `eventID` query attribute. It has a different password than the **System scope**. In case you use the same password as the **System scope**, you will get a **System scope** access token.

**PS:** Event `Magic Links` are always limited to the **Event scope**.