Skip to main content

API scopes

API scopes control what a Propel Application can or cannot do on your app's behalf.

When you create a Propel Application, you configure the set of API scopes available to the Application. By default, access tokens for an Application contain all of the Application's available scopes; however, if you wish to limit the scopes for a specific access token, you can pass the optional scope parameter when creating the token. You cannot request scopes that are not configured for the Application.

A Propel Application can have the following scopes, which limits access to resources within its Environment:

ScopeDescription
adminThe Application has read and write access to Data Sources, Data Pools, and Metrics.
application:adminThe Application can create another Application.
metric:queryThe Application can query Metrics.
metric:readThe Application can list Metrics.
metric:statsThe Application can query Metrics' Dimension Statistics.
data_pool:queryThe Application can query Data Pools.
data_pool:statsThe Application can query Data Pools' Dimension Statistics.

Examples

The examples below use curl to generate access tokens for a Propel Application.

Generate a token with default scopes

In the following example, we omit the optional scope parameter. The resulting access token will contain all of the Application's available scopes.

curl https://auth.us-east-2.propeldata.com/oauth2/token \
-d grant_type=client_credentials \
-d client_id=$APPLICATION_ID \
-d client_secret=$APPLICATION_SECRET

Generate a token with only “metric:query” & “metric:stats” scopes

In the following example, we include the optional scope parameter in order to generate an access token with only the “metric:query” and “metric:stats” scopes.

curl https://auth.us-east-2.propeldata.com/oauth2/token \
-d grant_type=client_credentials \
-d client_id=$APPLICATION_ID \
-d client_secret=$APPLICATION_SECRET \
-d 'scope=metric:query metric:stats'

The resulting access token can only query Metrics and Dimension Statistics. It cannot be used to create new Data Sources, delete Metrics, or perform any other admin operations.