Personal API Key Scopes

When creating a personal API key in the user settings, you can predefine access permissions for this key by selecting the relative scopes. The following table describes the permissions each scope provides.

ScopeDescription
auth-objects:readAllows viewing authentication objects
auth-objects:testAllows testing an authentication object during its configuration
auth-objects:writeAllows creating, editing, and deleting authentication objects
botEnables communication between a Repeater and the Bright engine
commentsAllows viewing and managing comments in scans and issues
comments:readAllows viewing comments in scans and issues
comments:writeAllows editing and deleting comments in scans and issues
discoveriesProvides unrestricted access to discoveries
discoveries:deleteAllows deleting discoveries
discoveries:manageAllows editing discoveries
discoveries:readAllows viewing existing discoveries
discoveries:runAllows running discoveries
discoveries:stopAllows stopping discoveries
entry-pointsProvides unrestricted access to entry points
entry-points:manageAllows creating, editing, deleting, testing and previewing changes made to entrypoints
entry-points:readAllows viewing entry points
files:readAllows reading and downloading files from the storage
files:writeAllows to associate files with projects, clone files, upload or delete them
groups:deleteAllows deleting groups
groups:manageAllows creating new groups, editing existing groups, adding members to groups, assigning roles to groups
groups:readAllows viewing groups
integration.repos:readAllows viewing resources of the integrated services, for example, GitHub repositories, Slack channels, or Jira boards
issues:manageAllows execution and saving scan issues as new
issues:readAllows viewing detected scan issues
logsAllows viewing the personal activities log
org:readAllows viewing basic information about an organization: organization name and quotas. This scope is required for running and managing scans
org:writeAllows editing company name and enforcing MFA
org.logsAllows viewing the organization's activities log
org.memberships:manageAllows adding a member to an organization, editing member's details, and deleting a member from an organization
org.memberships:readAllows viewing members of an organization
projects-issues:writeAllows users to manage project issues: to change severity, status, and assignee
projects:createAllows to create projects
projects:deleteAllows deleting projects
projects:editAllows editing project name, number of concurrent scans, adding associated GitHub or Gitlab repositories, Slack channels, Azure or Jira boards, managing webhooks
projects:readAllows viewing of available projects and project issues. This scope is required for running a scan
repeaters:readAllows viewing organization’s repeaters
repeaters:writeAllows creating, editing, and deleting a repeater, as well as testing repeater connection to a network
roles:readAllows viewing a list of roles
roles:writeAllows creating, editing, and deleting custom roles. The default roles (for example, “Admin”, “Owner”, etc.) are read-only
scan-labels:manageAllows editing labels in scans that are already running or have been finished
scansProvides unrestricted access to scan management. org:read scope is also required to run and manage scans
scans:deleteAllows deleting scans
scans:manageAllows editing scan settings
scans:readAllows viewing existing scans
scans:runAllows running and retesting scans
scans:stopAllows stopping scans
scans-templatesProvides unrestricted access to scan templates management
scans-templates:readAllows viewing existing scan templates
scans-templates:writeAllows creating, editing, and deleting custom scan templates
scripts:readAllows viewing repeater’s scripts
scripts:writeAllows creating, editing, and deleting repeater’s scripts
userAllows reading and editing user’s own personal details including consents, date settings, and notifications. Required for API authorization
user:readAllows viewing user’s own personal details
user:writeAllows users to edit their own personal details, for example, change names, emails, and passwords