Register and manage APIs
Manage your APIs
You must be on the Kinde Plus or Scale plan to use this feature.
Kinde lets you add custom scopes to help manage who can access your APIs. Scopes define the token permissions used by your APIs and provide a reliable way to control access to your API resources.
You need to have registered your APIs in Kinde to secure them using scopes.
Note that this topic is NOT about adding custom scopes for the Kinde Management API; it relates only to adding custom scopes to your own APIs. For information about Kinde Management API scopes, see this topic.
read or write, you can create scopes tailored to different levels of access, such as read:userprofile or write:roles.
read:user_status or write:mobilephone.
Take care when deleting scopes. If a scope is in use, deleting it can cause breaking changes for the users and applications that depend on it.
By default, token requests for an authorized application return all the scopes enabled in the section above. However, you can optionally ask for a subset of the enabled scopes to be returned by including them in the body of the access token request. You might do this to add more security to access requests for your API, or because you want your users to be very specific in their requests.
Example request
curl --request POST \
  --url 'https://<your_subdomain>.kinde.com/oauth2/token' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data grant_type=client_credentials \
  --data 'client_id=<your_m2m_client_id>' \
  --data 'client_secret=<your_m2m_client_secret>' \
  --data 'audience=<your_api_audience>' \
  --data 'scope=join:competitions update:competitions'
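The sketch below is an added example, not Kinde's code. It builds the same form body with a scope subset and shows how the receiving API could enforce scopes per route once the token's signature, issuer and audience have been verified. The route table, function names and sample claims are hypothetical, and the claim that carries the scopes (`scp` list or space-delimited `scope` string) is an assumption to check against a real token.

```python
from urllib.parse import urlencode

# Hypothetical route table for the API being protected. The scope names come
# from the example request on this page; the routes are invented for the demo.
REQUIRED_SCOPES = {
    ("POST", "/competitions/join"): {"join:competitions"},
    ("PUT", "/competitions"): {"update:competitions"},
    ("PUT", "/competitions/entries"): {"join:competitions", "update:competitions"},
}

def token_request_body(client_id, client_secret, audience, scopes):
    """Form body for a client_credentials request asking for a scope subset."""
    return urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "audience": audience,
        "scope": " ".join(sorted(scopes)),  # space-delimited list (RFC 6749)
    })

def granted_scopes(claims):
    """Scopes carried by an already-verified access token.

    Assumption: scopes arrive as an "scp" list or a space-delimited "scope"
    string. Anything malformed yields no scopes, so the request is denied.
    """
    raw = claims.get("scp") or claims.get("scope") or []
    if isinstance(raw, str):
        raw = raw.split()
    if not isinstance(raw, (list, tuple)):
        return set()
    return {s for s in raw if isinstance(s, str)}

def authorize(method, path, claims):
    """Return (allowed, missing_scopes). Unlisted routes are denied."""
    required = REQUIRED_SCOPES.get((method, path))
    if required is None:
        return False, set()
    missing = required - granted_scopes(claims)
    return not missing, missing

# Constructed sample claims: a token issued for a one-scope subset.
SAMPLE_CLAIMS = {"aud": ["<your_api_audience>"], "scp": ["join:competitions"]}

if __name__ == "__main__":
    print(token_request_body("<your_m2m_client_id>", "<your_m2m_client_secret>",
                             "<your_api_audience>", {"join:competitions"}))
    for route in REQUIRED_SCOPES:
        print(route, authorize(*route, SAMPLE_CLAIMS))
```

Returning the missing scopes makes it easy to log which permission a caller lacked, which also surfaces clients broken by a deleted scope.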
If you manage access to your APIs using API keys, you can set scopes for the API keys, giving you more granular control over access, depending on who has the keys.