Personal API Key Scopes

When creating a personal API key in the user settings, you can predefine access permissions for this key by selecting the relative scopes. The following table describes the permissions each scope provides.

auth-objects:readAllows viewing authentication objects
auth-objects:testAllows testing an authentication object during its configuration
auth-objects:writeAllows creating, editing and deleting authentication objects
botEnables communication between a Repeater and the Bright engine
files:readAllows reading files from the storage and verifying targets
files:writeAllows managing files in the storage, for example, uploading or deleting them
groups:deleteAllows deleting groups
groups:manageAllow managing groups, for example creating a new group or editing an existing group
groups:readAllows viewing information about groups that a user has been added to
integration.repos:readAllows viewing resources associated via integrations, for example, GitHub repositories, Slack channels, or Jira boards
issues:manageAllows managing detected issues, for example assigning a user to an issue, marking an issue as resolved, or retesting an issue
issues:readAllows viewing detected issues
org:readAllows viewing basic information about an organization. This scope is required for running a scan
org:writeAllows editing basic information about an organization and managing its basic settings, for example, enforcing MFA
org.memberships:manageAllows managing organization members, for example adding a member to an organization, deleting a member from an organization, or viewing a member’s profile
org.memberships:readAllows viewing members of an organization
projects:deleteAllows deleting projects
projects:manageAllows managing projects, for example creating a new project or editing an existing one
projects:readAllows displaying available projects. This scope is required for running a scan
repeaters:readAllows viewing organization’s repeaters
repeaters:writeAllows creating, editing, deleting a repeater, as well as testing repeater connection to a network
roles:readAllows viewing a list of roles
roles:writeAllows creating and editing custom roles. The default roles (for example, “Admin”, “Owner”, etc.) are read-only
scansProvides unrestricted access to scan management
scans:deleteAllows deleting scans
scans:manageAllows managing scans, for example editing scan settings or retesting a scan
scans:readAllows viewing existing scans
scans:runAllows running scans
scans:stopAllows stopping scans
scripts:readAllows viewing repeater’s scripts
scripts:writeAllows creating, editing, and deleting scripts
userAllows reading and editing user’s own personal details including consents, date settings, notifications. Required for API authorization.
user:readAllows viewing user’s own personal details
user:writeAllows users to edit their own personal details, for example, change names, emails, and passwords