A scope is not always used for controlling access to a resource. You can also use it to simply mark an access token. Such scopes do not have to have roles associated with them. Skipping role validation for scopes is called scope whitelisting.
To whitelist a scope, add it If you do not want a role validation for a scope in an API's request, add the scope under the
APIKeyValidation element and restart the server. It will be whitelisted. For example,
Next, invoke the Token API to get a token for the scope that you just whitelisted. For example,