Permissions BooApps use a permission system to control access to native device features. Each permission group grants access to specific Bridge API actions.
How Permissions Work
Declare every scope you call in your submission (or in your booapp.json for auto-import) On first launch, Peqaboo shows a bottom-sheet listing every requested scope, grouped by category The runtime enforces scopes per-call — anything outside your declared set throws PermissionDeniedError Request only what you actually use — fewer scopes means higher install conversion Risk Tiers & Grant Flow Every scope is tagged with a Risk Tier that controls when the user is asked to grant it:
Low
Auto-granted — already implied by being signed in. No prompt.
Medium
First call shows a grant dialog. Result persisted to installs/{uid}.grantedPermissions.
High
Confirms every call. Never cached. Used for payments, writes to medical records, and similar.
booapp.json — declare scopes by id {
"permissions": [
"auth.requireLogin",
"pet.list",
"media.takePhoto",
"location.getCurrent"
]
}All Scopes The full set of scopes the runtime understands. Each row shows the scope id (use this in your permissions array), its risk tier, and the SDK methods it covers.
auth.requireLogin Authentication
low risk pet.list List Pets
medium risk pet.read Read Pet
medium risk pet.update Update Pet
high risk media.pickImage Pick Image
medium risk media.pickVideo Pick Video
medium risk media.takePhoto Take Photo
high risk storage.upload Upload File
medium risk location.getCurrent Current Location
high risk payment.request Payment
high risk notification.send Send Notification
medium risk chat.openWith Open Chat
medium risk device.share Share
low risk device.haptic Haptic Feedback
low risk device.scanCode Scan QR / Barcode
medium risk data.read Read App Data
medium risk data.write Write App Data
medium risk Best Practices Minimal Permissions
Only request the permissions your app truly needs. Apps with fewer permissions get better conversion rates as users are more willing to install them.
High Risk Permissions
Scopes tagged high risk — camera, location, payments, pet record writes, etc. — confirm with the user every call and receive extra scrutiny during review. Be prepared to justify why your app needs them.
Common Permission Combinations Basic App Simple utility with key/value storage
["auth.requireLogin", "data.read", "data.write"]Pet-Focused App Reads pet data
["auth.requireLogin", "pet.list", "pet.read", "data.read", "data.write"]Photo App Camera, gallery, and uploads
["auth.requireLogin", "pet.list", "media.takePhoto", "media.pickImage", "storage.upload"]Social App Profiles, sharing, and chat
["auth.requireLogin", "pet.list", "device.share", "chat.openWith"]Location App GPS and map features
["auth.requireLogin", "pet.list", "location.getCurrent", "data.read", "data.write"]Copy for AI 