Scopes in API Manager

API Manager supports an explicit API model with scopes assigned to APIs during API registration.

When a client application is authorized (granted access) to use an API, all of the API’s scopes are associated with (made available to) that application. When the client application makes an authorization request, it includes the scopes it is requesting. In the authorization code flow, these scopes are displayed to the resource owner, who can select which scopes are granted to the client application.

Enable global scopes in API Manager

You can also enable OAuth scopes at the level of the client application by selecting the Enable OAuth scopes per application setting in the API Manager web interface. Select the Settings > API Manager settings tab, and under GENERAL SETTINGS switch the Enable OAuth scopes per application setting to ON. This allows API administrators to create application-level scopes to permit access to OAuth resources that are not covered by API-level scopes. This setting can be used if you are using the API Gateway global scopes model. For more information, see Scopes in API Gateway.

When you select the Enable OAuth scopes per application setting in API Manager, you can configure the scopes that a client application can access in the API Manager web interface. When editing a client application, select the Authentication tab. In the OAUTH SCOPES section you can specify scopes as free-form text or select a scope from a list of known configured scopes. You can also select a scope as a default scope for the client application.
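The scope model described above, as an added Python sketch that is not API Manager code: it computes the scopes available to a client, builds an authorization code request, and resolves what is granted. The API names, scope names and URLs are constructed, and the fallback to default scopes on an empty request and the rejection of unavailable scopes are assumptions of this sketch.

```python
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed sample data: scopes assigned to each API at registration.
API_SCOPES = {
    "orders-api": {"orders.read", "orders.write"},
    "billing-api": {"billing.read"},
}


def available_scopes(authorized_apis, app_scopes=()):
    """All scopes of every API the client is authorized for, plus any
    application-level scopes (per-application setting ON)."""
    scopes = set(app_scopes)
    for api in authorized_apis:
        scopes |= API_SCOPES[api]
    return scopes


def build_authorization_request(endpoint, client_id, redirect_uri, scopes, state):
    """Authorization code request; scopes travel space-delimited in 'scope'."""
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "state": state,
              "scope": " ".join(sorted(scopes))}
    return endpoint + "?" + urlencode(params)


def resolve_grant(request_url, available, default_scopes=(), owner_selection=None):
    """Return the scopes to grant for one authorization request."""
    query = parse_qs(urlparse(request_url).query)
    requested = set(query.get("scope", [""])[0].split())
    if not requested:
        # Assumption: an empty request falls back to the client's default scopes.
        requested = set(default_scopes)
    unavailable = requested - set(available)
    if unavailable:
        # Policy chosen for this sketch: reject rather than silently narrow.
        raise ValueError("invalid_scope: " + " ".join(sorted(unavailable)))
    if owner_selection is not None:
        # Authorization code flow: the resource owner picks from what was requested.
        return requested & set(owner_selection)
    return requested


if __name__ == "__main__":
    avail = available_scopes(["orders-api"], app_scopes={"profile"})
    url = build_authorization_request("https://as.example.com/authorize", "client-1",
                                      "https://app.example.com/cb", {"orders.read"}, "xyz")
    print(resolve_grant(url, avail, {"profile"}, owner_selection={"orders.read"}))
```

A client authorized only for the constructed orders-api that requests billing.read is rejected here, which is the case worth checking when reviewing which APIs and application-level scopes a client has been given.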

For more information on API Manager settings, see the API Manager User Guide.
