Following developer requests on being able to manage API token scopes to avoid giving them too many permissions, we're thrilled to announce that you can now choose the scopes of your new tokens. When creating new API tokens, simply specify their permissions among the following options:
- Identity scope: give read or write access to the identity-related endpoints (GET /me, GET /organization).
- Events scope: give read or write access to event-related endpoints (events, sessions, participants endpoints).
- Admin scope: give read or write access to admin-related endpoints (GET, POST, DELETE /users[/id] endpoints)
- Webhooks scope: give read or write access to webhook-related endpoints (GET, POST, DELETE /webhooks[/id] endpoints).
If you don't configure the appropriate set of scopes to your API token, you'll receive a 403 error when calling unauthorized endpoints. Make sure to double-check the scopes your API token will need in the future!
Want to know more about these new scopes? Check out our dedicated guide →