Register and manage APIs
Manage your APIs
Secure your API using scopes
Kinde lets you add custom scopes to help manage others who access to your APIs. Scopes define token permissions used by your APIs, and provide a reliable way to control access to your API resources.
You need to have registered your APIs in Kinde to secure them using scopes.
Benefits of using scopes
Link to this section- Granular control: Instead of broad permissions like
readorwrite, you can create scopes tailored to different levels of access, such asread:userprofileorwrite:roles. - Security: You only need to grant the permissions necessary for each operation, minimizing the risk of unauthorized access to sensitive data or actions within your system.
- Flexibility: As your application grows and requirements change, you can easily add, remove, or modify scopes without affecting other parts of your system.
- Better UX: They simplify the authorization process and improve overall user experience.
- Compliance: They help you align with regulatory requirements or industry standards by ensuring that access to sensitive data is properly managed and audited.
Add scopes to an API
Link to this section- In Kinde, go to Settings > APIs.
- Select View details on the API you want to add scopes for.
- In the menu, select Scopes.
- Select Add scope.
- In the Add scope window, enter a name for the scope. This will be the name you use in your code to recognize the scope. We recommend following a consistent naming convention, such as
read:user_statusorwrite:mobilephone. - Add a description that explains what the scope is for and what it does.
- Select Save.
- Repeat from step 4 for all the scopes you want to add for this API.
- Repeat from step 1 to add scopes for a different API.
Authorize and enable scopes for an application
Link to this section- Go to Settings > Applications and select View details on the relevant application.
- Select APIs in the side menu.
- If the application is not yet authorized, select the three dots menu next to the API you’re giving the app access to, and then select Authorize application.
- In the same three dots menu, select Manage scopes.
- In the window that opens, switch on or off the scopes allowed for the application.
- Select Save.
Edit and delete scopes
Link to this section- Go to Settings > APIs and select View details on the relevant API tile.
- Select Scopes in the menu.
- Find the scope you want to change.
- Select the dots menu (far right) and select:
- Edit scope. You can only change the scope description. Select Save.
- Delete scope. Confirm that you want to delete and select Delete scope.
Request a subset of scopes for an authorized application
Link to this sectionBy default token requests for an authorized application will return all the scopes enabled in the section above. However, you can also optionally ask for a subset of enabled scopes to be returned by including them in the body of the access token request. You might do this to add more security to access requests for your API, or because you want your users to be very specific in their requests.
Example request
curl --request POST \ --url 'https://<your_subdomain>.kinde.com/oauth2/token' \ --header 'content-type: application/x-www-form-urlencoded' \ --data grant_type=client_credentials \ --data 'client_id=<your_m2m_client_id>' \ --data 'client_secret=<your_m2m_client_secret>' \ --data 'audience=<your_api_audience>\ --data 'scope=join:competitions update:competitions'API Key scopes
Link to this sectionIf you manage access to your APIs using API keys, you can set scopes for the API keys, giving you more granular control over access, depending who has the keys.