API scopes
API scopes control what a Propel Application can or cannot do on your app's behalf.
When you create a Propel Application, you configure the set of API scopes available to the Application. By default, access tokens for an Application contain all of the Application's available scopes; however, if you wish to limit the scopes for a specific access token, you can pass the optional scope parameter when creating the token. You cannot request scopes that are not configured for the Application.
A Propel Application can have the following scopes, which limits access to resources within its Environment:
| Scope | Description |
|---|---|
| admin | The Application has read and write access to Data Sources, Data Pools, and Metrics. |
| application:admin | The Application can create another Application. |
| metric:query | The Application can query Metrics. |
| metric:read | The Application can list Metrics. |
| metric:stats | The Application can query Metrics' Dimension Statistics. |
| data_pool:query | The Application can query Data Pools. |
| data_pool:stats | The Application can query Data Pools' Dimension Statistics. |
Examples​
The examples below use curl to generate access tokens for a Propel Application.
Generate a token with default scopes​
In the following example, we omit the optional scope parameter. The resulting access token will contain all of the Application's available scopes.
curl https://auth.us-east-2.propeldata.com/oauth2/token \
-d grant_type=client_credentials \
-d client_id=$APPLICATION_ID \
-d client_secret=$APPLICATION_SECRET
Generate a token with only “metric:query” & “metric:stats” scopes​
In the following example, we include the optional scope parameter in order to generate an access token with only the “metric:query” and “metric:stats” scopes.
curl https://auth.us-east-2.propeldata.com/oauth2/token \
-d grant_type=client_credentials \
-d client_id=$APPLICATION_ID \
-d client_secret=$APPLICATION_SECRET \
-d 'scope=metric:query metric:stats'
The resulting access token can only query Metrics and Dimension Statistics. It cannot be used to create new Data Sources, delete Metrics, or perform any other admin operations.