Token Auth privilege restrictions

In addition to a Token Auth scope, API calls may require additional privilege restrictions. Privileges have no inherited capability.

Depending on the set of API calls your application needs, you pass one or more scopes and restrictions in the same scope parameter. The values match Aperture configuration settings in the API Applications Integration (see About API application integrations).

Client ID is the Application ID

Token Auth privilege restrictions

| Privilege restriction | Purpose |
|---|---|
| [none] or read | The scope has no additional privileges. For example, read-only APIs that search or retrieve details. For read access, you do not need to specify a privilege. |
| :approve | Special restriction that grants the caller the ability to approve workflow tickets. |
| :delete | Applies to APIs that are destructive in nature and result in data being permanently removed. |
| :discover | Special restriction that grants the caller the ability to import data. |
| :manage | Applies to APIs that make changes apart from Discovery/Import, revocation, and workflow approval APIs. |
| :revoke | Special restriction that grants the caller the ability to revoke certificates. |
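
The following added example (not part of the original documentation) shows how a client or reviewer could check a scope parameter against the restrictions listed above, treating each restriction as independent because privileges are not inherited. The "scope:priv,priv;scope" string layout, the scope names in the test values, and the function names are assumptions made for the illustration.

```python
# Added example. The "scope:priv,priv;scope" layout is an assumption;
# the five restriction names come from the table on this page.
KNOWN_RESTRICTIONS = {"approve", "delete", "discover", "manage", "revoke"}


def parse_scope(scope_param):
    """Parse a scope parameter into {scope_name: set_of_restrictions}."""
    grants = {}
    for part in filter(None, (p.strip() for p in scope_param.split(";"))):
        name, _, privs = part.partition(":")
        name = name.strip()
        if not name:
            raise ValueError(f"missing scope name in {part!r}")
        wanted = {p.strip() for p in privs.split(",") if p.strip()}
        wanted.discard("read")  # read is the default and need not be listed
        unknown = wanted - KNOWN_RESTRICTIONS
        if unknown:
            raise ValueError(f"unknown restriction(s): {sorted(unknown)}")
        grants.setdefault(name, set()).update(wanted)
    return grants


def is_allowed(grants, scope_name, restriction=None):
    """True if the grants cover the call; no restriction implies another."""
    if scope_name not in grants:
        return False
    if restriction in (None, "read"):
        # Assumption of this example: holding the scope is enough for
        # calls that need no additional restriction.
        return True
    # Exact match only: "manage" does not cover "delete" or "revoke".
    return restriction in grants[scope_name]


def excess_privileges(grants, needed):
    """Restrictions granted but not needed: candidates to remove."""
    excess = {}
    for scope_name, privs in grants.items():
        extra = privs - needed.get(scope_name, set())
        if extra:
            excess[scope_name] = sorted(extra)
    return excess
```

Running excess_privileges over the scope an application requests and the set of calls it actually makes gives a short list of restrictions, such as delete or revoke, that can be dropped from the application's configuration.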