This documentation is a work in progress and will be released with the WSO2 API Manager 3.0.0 GA release.
Scope Registration and Management API - API Manager 3.0.0 - WSO2 Documentation


Scopes enable fine-grained access control to resources based on a set of bindings. Those bindings can be specified as roles or permissions, depending on the underlying implementation. When a user invokes an API, the OAuth 2 bearer token that is presented cannot grant access to any API resource beyond the scopes associated with that token.

The scope registration and management API enables users to perform CRUD operations on scopes. It consists of the resources described below.

Scope Data

A scope is represented by the following JSON object:

{
  "name": "scope3",
  "description": "des123",
  "bindings": [
     "role1",
     "role2",
     "role3"
  ]
}

Name: The name of the scope.

Description: A description of the scope.

Bindings: One or more properties that are bound to the scope. These properties can be allowed roles or permissions for a given scope.
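The following Python snippet is an added example (not WSO2 code) that parses and validates a scope document of the shape shown above and then shows the access rule the introduction states: a token can only reach a resource whose required scopes it carries. The naming rule (letters, digits, underscore, dot, hyphen, at most 64 characters), the treatment of description as optional, and the is_authorised check are assumptions made for the example.

```python
"""Scope payload validation and scope-based access check (added example).

The shape of a scope document (name/description/bindings) follows the page;
the validation rules and the is_authorised check are assumptions.
"""
import json
import re

# Assumed naming rule: letters, digits, underscore, dot, hyphen; 1-64 chars.
SCOPE_NAME_RE = re.compile(r"^[A-Za-z0-9_.\-]{1,64}$")


def parse_scope(payload: str) -> dict:
    """Parse and validate a scope JSON document; raise ValueError on any defect."""
    data = json.loads(payload)
    if not isinstance(data, dict):
        raise ValueError("scope payload must be a JSON object")
    unknown = set(data) - {"name", "description", "bindings"}
    if unknown:
        raise ValueError(f"unknown fields: {sorted(unknown)}")
    name = data.get("name")
    if not isinstance(name, str) or not SCOPE_NAME_RE.match(name):
        raise ValueError("name must match " + SCOPE_NAME_RE.pattern)
    description = data.get("description", "")  # assumed optional
    if not isinstance(description, str):
        raise ValueError("description must be a string")
    bindings = data.get("bindings")
    if not isinstance(bindings, list) or not bindings:
        raise ValueError("bindings must be a non-empty list")
    if not all(isinstance(b, str) and b.strip() for b in bindings):
        raise ValueError("each binding must be a non-empty string")
    # Duplicate bindings are collapsed; the original order is preserved.
    return {"name": name, "description": description,
            "bindings": list(dict.fromkeys(bindings))}


def is_authorised(token_scopes, required_scopes) -> bool:
    """A resource is reachable only if the token carries every scope it requires.
    A resource that requires no scopes is open to any valid token."""
    return set(required_scopes) <= set(token_scopes)


# Constructed sample: the scope document shown on the page.
SAMPLE_SCOPE = """{
  "name": "scope3",
  "description": "des123",
  "bindings": ["role1", "role2", "role3"]
}"""

if __name__ == "__main__":
    print(parse_scope(SAMPLE_SCOPE))
    print(is_authorised(["scope1"], ["scope1", "scope3"]))  # False: scope3 missing
```

Rejecting unknown fields and empty binding lists at the boundary keeps a scope from being registered that binds to nothing, which would otherwise be silently unusable or, depending on the implementation, unexpectedly permissive.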

Registering a scope

Given below is a sample request and response for registering a scope.

Request format:

POST https://localhost:9282/api/auth/scope-registration/v1.0/scopes HTTP/1.1
Content-Type: application/json

(-- Scope json payload --)

Sample request:

POST https://localhost:9282/api/auth/scope-registration/v1.0/scopes HTTP/1.1
Content-Type: application/json

{
  "name": "scope1",
  "description": "scope1 description",
  "bindings": [
     "role1",
     "role2"
  ]
}

Sample response:

HTTP/1.1 201 Created
Content-Type: application/json

{"name":"scope1","description":"scope1 description","bindings":["role1","role2"]}

Retrieving a scope list

Given below is a sample request and response for retrieving a list of scopes with pagination. You can optionally use the offset and limit parameters to specify the starting index and the total number of scopes per page, respectively.

Request format:

GET https://localhost:9282/api/auth/scope-registration/v1.0/scopes[?offset={offset}&limit={limit}] HTTP/1.1

Sample request:

GET https://localhost:9282/api/auth/scope-registration/v1.0/scopes?offset=2&limit=2 HTTP/1.1

Sample response:

HTTP/1.1 200 OK
Content-Type: application/json

{
  "count": 2,
  "list": [
     {
        "name": "scope3",
        "description": "scope3 description",
        "bindings": [
           "role1",
           "role2"
        ]
     },
     {
        "name": "scope4",
        "description": "scope4 description",
        "bindings": [
           "role1",
           "role2"
        ]
     }
  ],
  "pagination": {
     "total": 6,
     "offset": 2,
     "limit": 2,
     "next": "/scopes?limit=2&offset=4",
     "previous": "/scopes?limit=2&offset=0"
  }
}
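The following Python snippet is an added example, not WSO2 code, that emulates the offset/limit pagination shown in the sample response with an in-memory scope store, and a client-side walker that follows the next link until it disappears. The response shape (count, list, pagination with total/offset/limit/next/previous) and the link format "/scopes?limit=L&offset=O" are taken from the page; the default limit, the maximum limit, the omission of next on the last page and of previous on the first, and the non-advancing-link guard are assumptions.

```python
"""Offset/limit pagination over the scope list (added example).

Response shape and link format follow the page; DEFAULT_LIMIT, MAX_LIMIT and
the edge-page behaviour are assumptions.
"""
from urllib.parse import parse_qs, urlparse

DEFAULT_LIMIT = 25   # assumed server default when limit is omitted
MAX_LIMIT = 100      # assumed cap so one request cannot dump the whole store


def paginate(items, offset=0, limit=DEFAULT_LIMIT):
    """Return one page in the documented shape. Offsets past the end yield an empty page."""
    if offset < 0 or limit < 1:
        raise ValueError("offset must be >= 0 and limit >= 1")
    limit = min(limit, MAX_LIMIT)
    total = len(items)
    page = items[offset:offset + limit]
    pagination = {"total": total, "offset": offset, "limit": limit}
    if offset + limit < total:
        pagination["next"] = f"/scopes?limit={limit}&offset={offset + limit}"
    if offset > 0:
        pagination["previous"] = f"/scopes?limit={limit}&offset={max(offset - limit, 0)}"
    return {"count": len(page), "list": page, "pagination": pagination}


def parse_link(link):
    """Extract (offset, limit) from a next/previous link."""
    qs = parse_qs(urlparse(link).query)
    return int(qs["offset"][0]), int(qs["limit"][0])


def iterate_all(fetch, limit=2):
    """Client-side walk: follow 'next' until it is absent. The page bound and the
    non-advancing check stop a misbehaving server from looping the client forever."""
    offset, seen = 0, []
    for _ in range(10_000):
        page = fetch(offset, limit)
        seen.extend(s["name"] for s in page["list"])
        nxt = page["pagination"].get("next")
        if not nxt:
            break
        new_offset, limit = parse_link(nxt)
        if new_offset <= offset:
            raise RuntimeError("server returned a non-advancing next link")
        offset = new_offset
    return seen


# Constructed store: six scopes, which reproduces the page's sample for
# offset=2, limit=2 (scope3, scope4; total 6; next offset 4; previous offset 0).
SCOPES = [{"name": f"scope{i}", "description": f"scope{i} description",
           "bindings": ["role1", "role2"]} for i in range(1, 7)]

if __name__ == "__main__":
    import json
    print(json.dumps(paginate(SCOPES, offset=2, limit=2), indent=2))
    print(iterate_all(lambda o, l: paginate(SCOPES, o, l)))
```

Capping the limit server-side and bounding the walk client-side are the two checks a practitioner usually adds on top of the documented contract.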

Retrieving a scope

Given below is a sample request and response for retrieving a scope.

Request format:

GET https://localhost:9282/api/auth/scope-registration/v1.0/scopes/{scopeName} HTTP/1.1

Sample request:

GET https://localhost:9282/api/auth/scope-registration/v1.0/scopes/scope1 HTTP/1.1

Sample response:

HTTP/1.1 200 OK
Content-Type: application/json

{
  "name": "scope1",
  "description": "scope1 description",
  "bindings": [
     "role1",
     "role2"
  ]
}

Updating a scope

Given below is a sample request and response for updating a scope.

Request format:

PUT https://localhost:9282/api/auth/scope-registration/v1.0/scopes/{scopeName} HTTP/1.1
Content-Type: application/json

(-- Scope json payload --)

Sample request:

PUT https://localhost:9282/api/auth/scope-registration/v1.0/scopes/scope3 HTTP/1.1
Content-Type: application/json

{
  "name": "scope3",
  "description": "des123",
  "bindings": [
     "role1",
     "role2",
     "role3"
  ]
}

Sample response:

HTTP/1.1 200 OK
Content-Type: application/json

{
  "name": "scope3",
  "description": "des123",
  "bindings": [
     "role1",
     "role2",
     "role3"
  ]
}

Deleting a scope

Given below is a sample request and response for deleting a scope.

Request format:

DELETE https://localhost:9282/api/auth/scope-registration/v1.0/scopes/{scopeName} HTTP/1.1

Sample request:

DELETE https://localhost:9282/api/auth/scope-registration/v1.0/scopes/scope1 HTTP/1.1

Sample response:

HTTP/1.1 204 No Content
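The following Python snippet is an added example, not WSO2 code, of a minimal client that covers the five operations above (register, list, retrieve, update, delete). The paths, methods, status codes and payload shape follow the page, and the base URL reuses the page's sample host. The bearer Authorization header, the strict expected-status check and the URL-encoding of {scopeName} are assumptions: encoding the name with no safe characters keeps a name such as "../x" from being interpreted as path segments, and treating any unexpected status as an error keeps a client from acting on a response it did not expect.

```python
"""Minimal client for the scope registration API (added example).

Paths, methods and payloads follow the page; the bearer header, status check
and path encoding are assumptions.
"""
import json
from urllib.parse import quote, urlencode
from urllib.request import Request, urlopen

BASE = "https://localhost:9282/api/auth/scope-registration/v1.0"


def build_request(method, path, token, body=None, query=None):
    """Build an HTTP request for the scope API; send it with send()."""
    url = BASE + path
    if query:
        url += "?" + urlencode(query)
    headers = {"Authorization": "Bearer " + token, "Accept": "application/json"}
    data = None
    if body is not None:
        data = json.dumps(body).encode("utf-8")
        headers["Content-Type"] = "application/json"
    return Request(url, data=data, headers=headers, method=method)


def scope_path(name):
    # Encode every character except unreserved ones so a name cannot add path segments.
    return "/scopes/" + quote(name, safe="")


def create_scope(token, name, description, bindings):
    return build_request("POST", "/scopes", token,
                         body={"name": name, "description": description, "bindings": bindings})


def list_scopes(token, offset=None, limit=None):
    query = {k: v for k, v in (("offset", offset), ("limit", limit)) if v is not None}
    return build_request("GET", "/scopes", token, query=query)


def get_scope(token, name):
    return build_request("GET", scope_path(name), token)


def update_scope(token, name, description, bindings):
    return build_request("PUT", scope_path(name), token,
                         body={"name": name, "description": description, "bindings": bindings})


def delete_scope(token, name):
    return build_request("DELETE", scope_path(name), token)


def send(req, expected_status):
    """Send a request and return the decoded JSON body (None for 204 No Content).
    urlopen raises HTTPError for 4xx/5xx; any other status than the expected
    one is also treated as an error rather than silently accepted."""
    with urlopen(req) as resp:
        if resp.status != expected_status:
            raise RuntimeError(f"{req.get_method()} {req.full_url}: HTTP {resp.status}")
        raw = resp.read()
    return json.loads(raw) if raw else None


if __name__ == "__main__":
    token = "<access token placeholder>"  # obtain from the token endpoint
    created = send(create_scope(token, "scope1", "scope1 description", ["role1", "role2"]), 201)
    print(created)
    print(send(list_scopes(token, offset=0, limit=10), 200))
    print(send(update_scope(token, "scope1", "updated", ["role1"]), 200))
    print(send(delete_scope(token, "scope1"), 204))
```

The request builders are separated from send() so the exact method, URL, headers and body can be inspected or logged before anything leaves the host; the usage block under __main__ needs a running API Manager at the sample host.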