Available API scopes

Overview

All endpoints you can call in the Feedback API require one or more specific scopes to be present in the access token, depending on the endpoint's function and the data it operates on.

Each scope can be thought of as an access privilege that grants access to a particular kind or group of data. This is analogous to how a user account has specific rights assigned to it, such as the ability to administer a Feedback environment.

During the authentication and authorization phase, when access tokens are obtained, the Applixure Authentication Server (AAS) is asked to assign specific scopes to the generated access token, limiting which operations that token is allowed to perform. In turn, AAS can assign to the access token only those scopes that the requesting authentication primitive (an Applixure user account or API key) is itself able to hold, based on its powers and privileges. For example, a user account that has only "read reporting data" privileges would not be able to obtain an access token with the "feedback-admin" scope for that environment.

Because an Applixure user account or API key may have permissions to multiple Feedback accounts or environments, an access token issued by AAS also internally records scope-to-environment and scope-to-account mappings for all of these. For clarity, the scope names themselves do not contain account or environment identifiers (such as "feedback-admin:xxxx-yyyy-zzzz"). In the future, additional endpoints may be added to the Feedback API to introspect issued access tokens and resolve which scopes relate to which logical access boundary entries.

Currently supported scopes for Feedback

| Scope | Meaning | Notes |
|---|---|---|
| feedback-report:read | Allows reading reporting data from a Feedback environment or environments | |
| feedback-queries:create | Allows creating new feedback queries for a Feedback environment or environments | This scope only allows new query creation through the administration endpoint; it cannot access any already-created queries from the administration endpoints. |
| feedback-admin | Allows administering all aspects of a Feedback account or environment | This scope does not allow reading reporting data; only administration endpoints are available for calling. |
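
The following is an added illustrative model of the rules described above, not Applixure's code or the AAS implementation: scopes are granted only where the principal can hold them, the token records which environment each scope applies to, and feedback-admin does not imply feedback-report:read. The environment ids, operation names and function names are hypothetical, and the model assumes that scopes the principal cannot hold are dropped from the token rather than the whole request being rejected.

```python
# Illustrative model only: environment ids, operation names and function
# names are constructed for this example, not taken from Applixure.
from dataclasses import dataclass

# What each scope permits, following the scope table above. Note that
# feedback-admin does NOT include reading reporting data.
SCOPE_OPERATIONS = {
    "feedback-report:read": {"report.read"},
    "feedback-queries:create": {"admin.query.create"},
    "feedback-admin": {"admin.query.create", "admin.query.read", "admin.settings"},
}

@dataclass(frozen=True)
class AccessToken:
    # Scope names carry no environment id; the mapping is stored separately.
    scopes: frozenset
    scope_environments: dict  # scope name -> frozenset of environment ids

def issue_token(holdable, requested):
    """Grant only the requested scopes that the principal can itself hold.

    holdable: dict of environment id -> set of scopes the user account or
    API key is entitled to in that environment (assumed input shape).
    """
    mapping = {}
    for env, scopes in holdable.items():
        for scope in scopes & set(requested):
            mapping.setdefault(scope, set()).add(env)
    return AccessToken(
        scopes=frozenset(mapping),
        scope_environments={s: frozenset(e) for s, e in mapping.items()},
    )

def is_allowed(token, operation, environment):
    """True if some scope on the token permits `operation` in `environment`."""
    return any(
        operation in SCOPE_OPERATIONS.get(scope, ())
        and environment in token.scope_environments.get(scope, ())
        for scope in token.scopes
    )

# Constructed principal: reporting rights in env-a, admin rights in env-b.
HOLDABLE = {
    "env-a": {"feedback-report:read"},
    "env-b": {"feedback-admin", "feedback-queries:create"},
}
TOKEN = issue_token(HOLDABLE, ["feedback-report:read", "feedback-admin"])
```

A client that needs both reporting and administration in the same environment therefore has to request, and be entitled to, both scopes for it; holding feedback-admin alone is not enough to read reports.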