First, if you're looking to understand the general native Salesforce integration, check out this guide, it's the best starting point.
Salesforce Permissions by Level
OAuth scopes
Manage user data via APIs (api)
Perform requests at any time (refresh_token, offline_access)
Setup-level access (Integration user system permissions)
API Enabled
View Setup and Configuration (commonly required to successfully query queue-related objects such as Group and QueueSobject)
Modify Metadata Through Metadata API Functions
Object-level permissions (Integration user)
Lead
Read
Create
Edit
Contact
Read
Create
Edit
Campaign
Read
(Create, Edit) only if you will create or update Campaigns
Campaign Member (CampaignMember)
Read (only if you query CampaignMember records)
Create
Edit
Queue-related objects (for querying queues via API)
Group
Read
QueueSobject
Read
Managed package custom objects (records on objects installed by the package)
For each package custom object your integration will use:
Read (required for query/search)
Create (required for insert)
Edit (required for update)
Delete (only if you will delete records)
Field-level permissions (Integration user)
For every field you query (SELECT in SOQL or return via API): Read
For every field you write (insert/update): Edit