API scopes
API scopes control what a Propel Application can or cannot do on your app's behalf.
When you create a Propel Application, you configure the set of API scopes available to the Application. By default, access tokens for an Application contain all of the Application's available scopes; however, if you wish to limit the scopes for a specific access token, you can pass the optional scope
parameter when creating the token. You cannot request scopes that are not configured for the Application.
A Propel Application can have the following scopes, which limits access to resources within its Environment:
Scope | Description |
---|---|
admin | The Application has read and write access to Data Sources, Data Pools, and Metrics. |
application:admin | The Application can create another Application. |
metric:query | The Application can query Metrics. |
data_pool:query | The Application can query Data Pools. |
Examples​
The examples below use curl to generate access tokens for a Propel Application.
Generate a token with default scopes​
In the following example, we omit the optional scope
parameter. The resulting access token will contain all of the Application's available scopes.
curl https://auth.us-east-2.propeldata.com/oauth2/token \
-d grant_type=client_credentials \
-d client_id=$APPLICATION_ID \
-d client_secret=$APPLICATION_SECRET
Generate a token with only “metric:query” & “metric:stats” scopes​
In the following example, we include the optional scope
parameter in order to generate an access token with only the “metric:query” and “metric:stats” scopes.
curl https://auth.us-east-2.propeldata.com/oauth2/token \
-d grant_type=client_credentials \
-d client_id=$APPLICATION_ID \
-d client_secret=$APPLICATION_SECRET \
-d 'scope=metric:query metric:stats'
The resulting access token can only query Metrics and Dimension Statistics. It cannot be used to create new Data Sources, delete Metrics, or perform any other admin operations.