List<APISecurityScope> scopes
read / write