docs: add API key scopes documentation #20742
Merged
Add a section to the sessions-tokens documentation explaining API key scopes, including:
- Overview of scope functionality and security benefits
- Scope format (resource:action) and wildcard usage
- CLI examples for creating scoped tokens
- Common scope examples with descriptions
Add documentation for allow lists as an advanced feature that can be combined with scopes to restrict tokens to specific resource UUIDs.
Make it explicit that allow lists are exclusive - tokens can ONLY act on resources in the allow list. Add example showing how to maintain access to other resources by being exhaustive with allow list entries.
Emphasize the exhaustive nature of allow lists by showing that additional entries would be needed.
Replace organization:* with user:read which is a valid scope.
stirby approved these changes Nov 17, 2025
a272843 into main 32 checks passed
Description
Adds a brief section to the API & Session Tokens documentation explaining API key scopes.
Changes
docs/admin/users/sessions-tokens.md
resource:action) and wildcard usage
Motivation
Users need documentation on how to create and use scoped API tokens for improved security by limiting token permissions to only necessary operations.
Testing
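The scope and allow-list semantics described in this pull request, modeled as an added example that is not part of the pull request or of the project's code. The wildcard only in the action position, the `resource:uuid` entry form, the treatment of an empty allow list as unrestricted, and all names and UUIDs are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample identifiers (not from the page).
WS_A = "11111111-1111-4111-8111-111111111111"
WS_B = "22222222-2222-4222-8222-222222222222"
TPL = "33333333-3333-4333-8333-333333333333"


def parse_pair(text):
    """Split 'left:right' (a scope or an allow-list entry); reject anything else."""
    left, sep, right = text.partition(":")
    if not sep or not left or not right or ":" in right:
        raise ValueError(f"malformed entry: {text!r}")
    return left, right


@dataclass(frozen=True)
class Token:
    scopes: frozenset       # {(resource, action)}; action may be "*"
    allow_list: frozenset   # {(resource, uuid)}; empty means unrestricted (assumption)

    @classmethod
    def create(cls, scopes, allow=()):
        return cls(frozenset(map(parse_pair, scopes)),
                   frozenset(map(parse_pair, allow)))


def authorize(token, resource, action, resource_id):
    """Both gates must pass: a matching scope AND, if set, the allow list."""
    scope_ok = any(r == resource and a in (action, "*") for r, a in token.scopes)
    if not scope_ok:
        return False
    if not token.allow_list:
        return True
    # Exclusive: anything not listed is denied, whatever the scopes say.
    return (resource, resource_id) in token.allow_list


if __name__ == "__main__":
    scopes = ["workspace:*", "template:read"]
    narrow = Token.create(scopes, allow=[f"workspace:{WS_A}"])
    print(authorize(narrow, "workspace", "update", WS_A))
    print(authorize(narrow, "workspace", "read", WS_B))
    print(authorize(narrow, "template", "read", TPL))
    # Being exhaustive: the template must be listed to stay reachable.
    wide = Token.create(scopes, allow=[f"workspace:{WS_A}", f"template:{TPL}"])
    print(authorize(wide, "template", "read", TPL))
```

The third call is the case the allow-list commits call out: the token holds `template:read`, but the template is unreachable until it is added to the allow list.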