User data is scoped by so-called categories, which are essentially base directories, for which you can give apps read-only or read/write permission. Apps will use OAuth scopes to ask for access to one or more categories.

In the example screenshot, Litewrite is asking for read/write access to the "documents" category, using the OAuth scope documents:rw . If you allow access, the app will retrieve a bearer token, with which it can read and write to your storage, until you revoke that access on your server.