Configure REST API Auth scope

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read

    • Link the OAuth entity with an auth scope to manage the token to access the REST APIs that are linked with the auth scope.

    Before you begin

    Install the following plugins:

    • OAuth 2.0
    • REST API Provider
    • Authentication scope
    • REST API Auth Scope
    Note:
    The REST API Auth Scope plugin is added as part of the Tokyo release.

    Role required: api_service_admin, adaptive_auth_policy_admin

    Procedure

    1. Navigate to All > API Auth Scopes > REST API Auth Scope.
      The REST API Auth Scopes page is displayed.
    2. To configure a new REST API Auth Scope, click New.
    3. On the form, fill in the fields.
      Table 1. REST API Auth Scope
      Name A unique name that identifies the REST API Auth Scope.
      Active Select the check box to make the configuration active.
      Application Read-only application scope.
      REST API The REST API to which the auth scope is applied. For example, the Table API.
      Auth Scope Select the auth scope from the lookup icon.
      REST API PATH API path of the REST API. This field is auto-populated based on the selected REST API. For example, now/table.
      HTTP Method Method used for interacting with the API. Select the method from drop-down list.

      You can disable the Apply auth scope to all http methods in this API field on the form manually to select the method.
      REST API Version Version of the API. For example, v1. This field is auto-populated based on the selected REST API.

      You can disable the Apply auth scope to all versions in this API field on the form manually to select the version.
      Resource Child resource of the REST API. This field is auto-populated based on the selected REST API. For example, /now/table.

      You can disable the Apply auth scope to all resources in this API field on the form manually to select the resources.
      Apply auth scope to all http methods in this API When enabled, applies the auth scope to all the http methods in the API.
      Apply auth scope to all versions in this API hen enabled, applies the auth scope to all versions in the API.
      Apply auth scope to all resources in this API When enabled, applies the auth scope to all resources in the API
    4. Click Submit.
      Based on the selected REST API and Auth Scope, the APIs retrieves information that is particular to the scope.

    Consider creating three REST API Auth Scope for Table API

    The first auth scope is mapped to the Table API with all the http methods, versions, and resources enabled.

    REST API Auth Scope3

    The second auth scope is mapped to the Table API with all the versions and resources enabled. But, you choose the HTTP Method, in this example, the GET method.

    REST API Auth Scope2

    The third auth scope is mapped to the Table API without the http methods, versions, and resources enabled. But, you choose the HTTP Method, Version, and Resource manually. In this example, HTTP Method is GET, REST API Version is latest, and Resource is /now/table/{tableName}.

    REST API Auth Scope1

    If all these auth scopes are created, you can use GET method with all the three scopes, but for POST, PUT, DELETE, or PATCH methods only scope3 can be used.