Token Scopes Reference

This page is designed to give you a clear reference of what all of the scopes mean when generating Metadata API access tokens.

It is imperative that you ensure only the scopes necessary for your use case are selected to avoid potential security risks.

Before you proceed

Each scope offers four different permission settings, as follows.

  • C (Create)

    • Create new data defined within this scope

  • R (Read)

    • Read data defined within this scope

  • U (Update)

    • Update existing data defined within this scope

  • D (Delete)

    • Delete data defined within this scope

You can quickly add or remove all permission settings by hovering over them and clicking + or -

Scope
Description

Workspace Database

Allows access to the database including table data and schema across all data sources

Workspace Content

Allows access to workspace-wide information such as datasources, branches, basic workspace information and exporting / importing data

Workspace Live Data Source

Allows specific access to the live (production) data source

Workspace API Groups

Allows access to APIs and API groups

Workspace Functions

Allows access to custom functions

Workspace Addons

Allows access to addons

Workspace Tasks

Allows access to tasks

Workspace Files

Allows access to public and private file storage

Workspace Request History

Allows access to your request history

What scopes should I use?

While it's hard to answer this question without specific knowledge of your use case, here are some examples of proper scoping that might make sense.

WeWeb

To use WeWeb's Xano plugin(s), you'll need the following scopes.

Scope
C
R
U
D
Why?

Workspace API Groups

WeWeb needs to be able to read information about your API groups and available APIs.

Workspace Content

WeWeb needs to know about your available workspaces.

Monitoring and Logging

For monitoring and logging tools, you might need the following scopes.

Scope
C
R
U
D
Why?

Workspace API Groups

For getting specific information about APIs it is monitoring

Workspace Content

General information about your available workspaces.

Workspace Request History

Specific request history data for parsing and logging

Last updated

Was this helpful?