- Getting Started
- Authentication
- Swagger Definition
- Orchestrator APIs
- Alerts Requests
- Assets Requests
- Calendars Requests
- Environments Requests
- Folders Requests
- Generic Tasks Requests
- Jobs Requests
- Libraries Requests
- License Requests
- Packages Requests
- Permissions Requests
- Personal Workspaces Requests
- Processes Requests
- Queue Items Requests
- Queue Retention Policy Requests
- Robots Requests
- Roles Requests
- Schedules Requests
- Settings Requests
- Storage Bucket Requests
- Tasks Requests
- Task Catalogs Requests
- Task Forms Requests
- Tenants Requests
- Transactions Requests
- Users Requests
- Webhooks Requests
- Platform Management APIs
- About scopes and permissions
- Platform Management scopes and permissions
About scopes and permissions
Scopes and permissions manage the granularity of access to APIs. Scopes define high-level categories of actions that a user or application can perform, permissions provide fine-grained control over specific operations on resources.
Scopes and permissions pertain to OAuth or personal access tokens which provide a granular approach to access control, ensuring a secure and tailored experience.
Scopes define your application level of access to the UiPath® resources.
For example, to generate an authentication token for your application, you pass in several scopes. When your application makes an API call to access a resource, the token is validated against the resource scopes. If the resource is included in the scopes you passed in at token request, the call is successful, and it further checks for user permissions per endpoint (Read permissions for GET requests, and Write permissions for POST, PUT, or DELETE requests). Otherwise, the server rejects the call.
Permissions grant users the access to a specific functionality inside a resource. After your application successfully accesses the resource, the server checks if the authenticated user has the right permission for the corresponding method of the endpoint.
For example, you may restrict some users from deleting or updating user groups, but they can still view them.
Commonly, GET methods require Read permissions, while POST, PUT, and DELETE methods require Write permissions.