diff --git a/apps/partner-sas/.env b/apps/partner-sas/.env
new file mode 100644
index 000000000..11954eaf1
--- /dev/null
+++ b/apps/partner-sas/.env
@@ -0,0 +1 @@
+CURITY_CLIENT_SERVICE_SCOPES="profile_read, hotel, booking, package, availability"
\ No newline at end of file
diff --git a/apps/partner-sas/.gitignore b/apps/partner-sas/.gitignore
index 442ad066f..294a8d0f5 100644
--- a/apps/partner-sas/.gitignore
+++ b/apps/partner-sas/.gitignore
@@ -31,7 +31,7 @@ yarn-error.log*
 .pnpm-debug.log*
 
 # env files (can opt-in for committing if needed)
-.env*
+.env.*
 
 # vercel
 .vercel
diff --git a/apps/scandic-web/.env b/apps/scandic-web/.env
index 4fb8642fe..f7c7de9b9 100644
--- a/apps/scandic-web/.env
+++ b/apps/scandic-web/.env
@@ -1,6 +1,7 @@
 NEXTAUTH_DEBUG="false"
 DEBUG_QUERIES="false"
 SEAMLESS_ENVIRONMENT_SUBDOMAIN="www"
+CURITY_CLIENT_SERVICE_SCOPES="profile, hotel, booking, package, availability"
 
 SEAMLESS_LOGIN="https://${SEAMLESS_ENVIRONMENT_SUBDOMAIN}.scandichotels.{topleveldomain}/updatelogin"
 SEAMLESS_LOGOUT="https://${SEAMLESS_ENVIRONMENT_SUBDOMAIN}.scandichotels.{topleveldomain}/updatelogout?newweb=1"
\ No newline at end of file
diff --git a/packages/common/env/server.ts b/packages/common/env/server.ts
index 3e1b18468..fc53355f5 100644
--- a/packages/common/env/server.ts
+++ b/packages/common/env/server.ts
@@ -20,6 +20,13 @@ export const env = createEnv({
     CURITY_ISSUER_USER: z.string(),
     CURITY_CLIENT_ID_SERVICE: z.string().default("scandichotels-web-backend"),
     CURITY_CLIENT_SECRET_SERVICE: z.string(),
+    CURITY_CLIENT_SERVICE_SCOPES: z.string().transform((val) =>
+      val
+        .split(",")
+        .map((s) => s.trim())
+        .filter(Boolean)
+        .toSorted()
+    ),
   },
   emptyStringAsUndefined: true,
   runtimeEnv: {
@@ -31,5 +38,6 @@ export const env = createEnv({
     CURITY_CLIENT_SECRET_SERVICE: process.env.CURITY_CLIENT_SECRET_SERVICE,
     CURITY_ISSUER_USER: process.env.CURITY_ISSUER_USER,
     CURITY_CLIENT_ID_SERVICE: process.env.CURITY_CLIENT_ID_SERVICE,
+    CURITY_CLIENT_SERVICE_SCOPES: process.env.CURITY_CLIENT_SERVICE_SCOPES,
   },
 })
diff --git a/packages/common/tokenManager/tokenManager.ts b/packages/common/tokenManager/tokenManager.ts
index 14d1683d2..887e7b947 100644
--- a/packages/common/tokenManager/tokenManager.ts
+++ b/packages/common/tokenManager/tokenManager.ts
@@ -15,7 +15,7 @@ export async function getServiceToken() {
   const tracer = trace.getTracer("getServiceToken")
 
   return await tracer.startActiveSpan("getServiceToken", async () => {
-    const scopes = ["profile", "hotel", "booking", "package", "availability"]
+    const scopes = env.CURITY_CLIENT_SERVICE_SCOPES
 
     const cacheKey = getServiceTokenCacheKey(scopes)
     const cacheClient = await getCacheClient()