Token Auth privilege restrictions

In addition to a Token Auth scope, API calls may require additional privilege restrictions. Privileges have no inherited capability.

Depending on the set of API calls your application needs, you pass one or more scopes and restrictions in the same scope parameter. The values match Aperture configuration settings in the API Applications Integration (see About API application integrations.

Client ID is the Application ID

Token Auth privilege restrictions

Privilege restriction


[none] or read

The scope has no additional privileges. For example, read-only APIs that search or retrieve details. For read access, you do not need to specify a privilege.


Special restriction that grants the caller the ability to approve workflow tickets.


Applies to APIs that are destructive in nature and results in data being permanently removed.


Special restriction which grants the caller the ability to import data.


Applies to APIs that make changes apart from Discovery/Import, revocation, and workflow approval APIs.


Special restriction which grants the caller the ability to revoke certificates.