A scope consists of an entity scope and a permission, e.g. charge-points:read.
Currently there are 3 permission scopes:
- read
- write
- delete
They inherit from each other, so delete also allows read and write.
Examples
- charge-points:read - you can only read charge points.
- charge-points:write - all of :read plus you can create and update them.
- charge-points:delete - all of :write plus you can delete charge points.
Full Access:
- all:delete - you can access and modify any resource
Use different scopes to control access and mitigate risk
Depending on your needs, it might make sense to have various credentials for different scopes that you can share with different teams within your company. E.g. it might be sufficient to give your finance team / tool credentials limited to the wallet-transactions scope, while your product team has a broader access level to control charges and display charge points within your products.
You can use the /auth/me endpoint to retrieve information about the scope, restrictions on teams etc. A sample response looks like:
{
  "name": "Partner API Demo",
  "operatorId": 42,
  "teamIds": [],
  "clientId": "73d86c7f-48de-4a0f-bd3c-da243e16b630",
  "rateLimit": 1000,
  "rateLimitIntervalInSeconds": 600,
  "scopes": [
    "all:delete"
  ]
}
This credential has access to all resources within the operator with id 42 (no restrictions on teamIds). Since the scopes collection contains all:delete, you can call any of our endpoints with this.
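The inheritance rule and the scopes list from /auth/me can be checked on the client side before a credential is handed to a team. The following is an added example, not code from this API or its vendor: the function names are hypothetical, and it assumes the all entity matches every entity at whatever permission level it carries.

```python
import json

# Permission levels in inheritance order: delete implies write implies read.
LEVELS = {"read": 1, "write": 2, "delete": 3}

def parse_scope(scope):
    """Split 'entity:permission' and validate the permission part."""
    entity, sep, permission = scope.partition(":")
    if not sep or not entity or permission not in LEVELS:
        raise ValueError(f"malformed scope: {scope!r}")
    return entity, LEVELS[permission]

def allows(granted, required):
    """True if any granted scope covers the required scope."""
    req_entity, req_level = parse_scope(required)
    for scope in granted:
        entity, level = parse_scope(scope)
        # Assumption: the 'all' entity matches every entity at its level.
        if entity in (req_entity, "all") and level >= req_level:
            return True
    return False

def over_privileged(granted, needed):
    """Granted scopes that exceed what the needed scopes require."""
    needs = [parse_scope(s) for s in needed]
    excess = []
    for scope in granted:
        entity, level = parse_scope(scope)
        # Highest level actually needed on this entity (0 if none).
        top = max((lvl for ent, lvl in needs if entity in (ent, "all")),
                  default=0)
        if level > top:
            excess.append(scope)
    return excess

# Sample /auth/me response from the page, trimmed to the fields used here.
AUTH_ME = json.loads(
    '{"operatorId": 42, "teamIds": [], "scopes": ["all:delete"]}'
)
# Constructed credential for a finance tool, limited to one entity.
FINANCE = ["wallet-transactions:read"]

if __name__ == "__main__":
    print(allows(AUTH_ME["scopes"], "charge-points:write"))
    print(allows(FINANCE, "wallet-transactions:write"))
    print(over_privileged(AUTH_ME["scopes"], FINANCE))
```

Running over_privileged against the sample credential shows that all:delete is far broader than a finance tool that only reads wallet transactions needs.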