Page tree

Scope Parameter

The Scope parameter allows you to determine which REST operations are available for a given user. This is done through the access token.

This parameter allows you to make sure that when users are granted access, they effectively are granted access with permissions that either allow or prevent them to perform certain REST

operations. Scope parameters are added when creating API Settings. To do so:

  1. Navigate to Setup > Integration > Access Token API > Configure.
  2. Click New and create your settings, or edit the existing settings.
  3. Open the Advanced configuration section at the bottom of the page.
  4. Add your scope, using the format shown in the code block below. The block below shows the scope parameter format, along with an example of an admin user being given access to five different operations through the access token.

    'Format:
    
    username:[operation1, operation2, operation3, operation n...]
    
    'Example:
    
    admin:[EWCreate, EWRead, EWUpdate, EWSelect, EWSearch]
    
    
  5. You can also specify a list of operations that are available for any user by default. These will be applied to anyone using the access token. It is created using the same format as above, just without specifying username.

    'Format:
    
    [operation1, operation2]
    
    'Example:
    
    [EWRead, EWUpdate]

    A blank Scope parameter gives a user access to each and every operation, so ensure any and all Scope parameters are either filled or blank by intention.

Available Operations

The following operations are available for designation in the scope parameter. If the parameter is empty or no default list is given, all of these operations are available to the user.