Personal API Key Scopes

When creating a personal API key in the user settings, you can predefine the access permissions of that key by selecting the relevant scopes. The following table describes the permissions each scope grants.

| Scope | Description |
| --- | --- |
| auth-objects:read | Allows viewing authentication objects |
| auth-objects:test | Allows testing an authentication object during its configuration |
| auth-objects:write | Allows creating, editing and deleting authentication objects |
| bot | Enables communication between a Repeater and the Bright engine |
| files:read | Allows reading files from the storage and verifying targets |
| files:write | Allows managing files in the storage, for example, uploading or deleting them |
| groups:delete | Allows deleting groups |
| groups:manage | Allows managing groups, for example creating a new group or editing an existing group |
| groups:read | Allows viewing information about groups that a user has been added to |
| integration.repos:read | Allows viewing resources associated via integrations, for example, GitHub repositories, Slack channels, or Jira boards |
| issues:manage | Allows managing detected issues, for example assigning a user to an issue, marking an issue as resolved, or retesting an issue |
| issues:read | Allows viewing detected issues |
| org:read | Allows viewing basic information about an organization. This scope is required for running a scan |
| org:write | Allows editing basic information about an organization and managing its basic settings, for example, enforcing MFA |
| org.memberships:manage | Allows managing organization members, for example adding a member to an organization, deleting a member from an organization, or viewing a member’s profile |
| org.memberships:read | Allows viewing members of an organization |
| projects:delete | Allows deleting projects |
| projects:manage | Allows managing projects, for example creating a new project or editing an existing one |
| projects:read | Allows displaying available projects. This scope is required for running a scan |
| repeaters:read | Allows viewing an organization’s repeaters |
| repeaters:write | Allows creating, editing and deleting a repeater, as well as testing a repeater’s connection to a network |
| roles:read | Allows viewing a list of roles |
| roles:write | Allows creating and editing custom roles. The default roles (for example, “Admin”, “Owner”, etc.) are read-only |
| scans | Provides unrestricted access to scan management |
| scans:delete | Allows deleting scans |
| scans:manage | Allows managing scans, for example editing scan settings or retesting a scan |
| scans:read | Allows viewing existing scans |
| scans:run | Allows running scans |
| scans:stop | Allows stopping scans |
| scripts:read | Allows viewing a repeater’s scripts |
| scripts:write | Allows creating, editing, and deleting scripts |
| user | Allows reading and editing the user’s own personal details, including consents, date settings and notifications. Required for API authorization |
| user:read | Allows viewing the user’s own personal details |
| user:write | Allows users to edit their own personal details, for example, changing names, emails, and passwords |
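The table above is the input to a least-privilege decision: a key that only needs to start scans should carry `scans:run` plus the scopes the table marks as required (`org:read`, `projects:read`, and `user` for API authorization), not the unrestricted `scans` scope. The following Python script is an added example, not Bright's own code or API: it checks a proposed scope set against the scopes a task needs, rejects scope names that are not in the table (so a typo does not silently weaken the key), and flags over-broad umbrella scopes. The task-to-scope mapping and the assumption that the bare `scans` and `user` scopes cover their `scans:*` and `user:*` sub-scopes are this example's own reading of the descriptions.

```python
"""Least-privilege check for a Bright personal API key's scope set.

Added example, not Bright's own code. Scope names come from the scope table;
the umbrella expansions and the per-task requirements are assumptions drawn
from the table's descriptions.
"""
from __future__ import annotations

from typing import Iterable

# Every scope listed in the table; anything else is treated as a typo.
KNOWN_SCOPES: frozenset[str] = frozenset({
    "auth-objects:read", "auth-objects:test", "auth-objects:write", "bot",
    "files:read", "files:write", "groups:delete", "groups:manage", "groups:read",
    "integration.repos:read", "issues:manage", "issues:read", "org:read",
    "org:write", "org.memberships:manage", "org.memberships:read",
    "projects:delete", "projects:manage", "projects:read", "repeaters:read",
    "repeaters:write", "roles:read", "roles:write", "scans", "scans:delete",
    "scans:manage", "scans:read", "scans:run", "scans:stop", "scripts:read",
    "scripts:write", "user", "user:read", "user:write",
})

# Assumption: an umbrella scope grants everything in its family. The table
# describes `scans` as unrestricted scan management and `user` as read+edit
# of the user's own details.
UMBRELLA_SCOPES: dict[str, frozenset[str]] = {
    "scans": frozenset({"scans:delete", "scans:manage", "scans:read",
                        "scans:run", "scans:stop"}),
    "user": frozenset({"user:read", "user:write"}),
}

# Minimal scope sets per task (assumed). "run_scan" follows the table's notes
# that org:read and projects:read are required to run a scan and that `user`
# is required for API authorization; the other tasks are constructed examples.
REQUIRED_SCOPES: dict[str, frozenset[str]] = {
    "run_scan": frozenset({"user", "org:read", "projects:read", "scans:run"}),
    "triage_issues": frozenset({"user", "issues:read", "issues:manage"}),
    "repeater_bot": frozenset({"user", "bot"}),
}


def expand(scopes: Iterable[str]) -> frozenset[str]:
    """Return the effective scope set with umbrella scopes expanded."""
    granted = set(scopes)
    for umbrella, covered in UMBRELLA_SCOPES.items():
        if umbrella in granted:
            granted |= covered
    return frozenset(granted)


def check_key(scopes: Iterable[str], task: str) -> dict:
    """Compare a key's scopes with what `task` needs.

    Raises ValueError for scope names not in the table. Returns whether the
    key is sufficient, whether it is least-privilege, the missing scopes,
    the excess scopes, and, for each excess umbrella scope, the narrower
    scope(s) that would serve the task instead.
    """
    granted = frozenset(scopes)
    unknown = sorted(granted - KNOWN_SCOPES)
    if unknown:
        raise ValueError(f"unknown scope(s): {unknown}")
    required = REQUIRED_SCOPES[task]
    missing = sorted(required - expand(granted))
    excess = sorted(granted - required)
    narrow_to = {
        s: sorted(UMBRELLA_SCOPES[s] & required)
        for s in excess
        if s in UMBRELLA_SCOPES and UMBRELLA_SCOPES[s] & required
    }
    return {
        "sufficient": not missing,
        "least_privilege": not excess,
        "missing": missing,
        "excess": excess,
        "narrow_to": narrow_to,
    }


if __name__ == "__main__":
    # Constructed scope sets for a scan-running CI key.
    for candidate in (
        {"user", "org:read", "projects:read", "scans:run"},   # minimal
        {"user", "org:read", "projects:read", "scans"},       # over-broad
        {"user", "scans:run"},                                # insufficient
    ):
        print(sorted(candidate), "->", check_key(candidate, "run_scan"))
```

Run it with the key's intended scope list and the task it will perform; a result with `sufficient` true and `least_privilege` false is the case to act on, since the key works but carries permissions the job never uses.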