API Key Scopes
Types of scopes assignable to API keys and their mapping to HTTP methods.
Overview
API keys can be assigned scopes to restrict the operations each key can perform. Keys without scopes (legacy keys) are granted full access for backward compatibility.
Scope Types
The following three scope types are available.
- read — Allows GET / HEAD requests only. Read-only access to data.
- write — Allows all HTTP methods (includes read). Can create, update, and delete data.
- full — Allows all HTTP methods. Equivalent to write.
HTTP Method to Scope Mapping
The required scope for each HTTP method is as follows.
| HTTP Method | Required Scope |
|---|---|
| GET | read |
| HEAD | read |
| POST | write |
| PUT | write |
| PATCH | write |
| DELETE | write |
Legacy Keys (No Scopes)
API keys without scopes are granted full access for backward compatibility. For improved security, we recommend always setting scopes on new keys.
403 Forbidden Response
When the required scope is missing, the API returns 403 Forbidden.
{
  "error": "Forbidden: API key missing required scope 'write'",
  "code": "FORBIDDEN"
}
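The scope rules above, including the legacy-key fallback and the 403 body, as an added example that is not the API's own code. It assumes that `None` or an empty scope list marks a legacy key, that methods missing from the table require `write`, and that 200 stands in for "request allowed"; the function names and the sample key names are hypothetical.

```python
import json

# Mapping taken from the table above; methods not listed there are assumed
# to require 'write', since 'read' allows GET / HEAD only.
REQUIRED_SCOPE = {"GET": "read", "HEAD": "read", "POST": "write",
                  "PUT": "write", "PATCH": "write", "DELETE": "write"}
# Scopes that satisfy each requirement: write includes read, full equals write.
SATISFIES = {"read": {"read", "write", "full"}, "write": {"write", "full"}}


def authorize(key_scopes, method):
    """Return (status, body) for a request made with a key holding key_scopes."""
    required = REQUIRED_SCOPE.get(method.upper(), "write")
    # Legacy key: no scopes set means full access (backward compatibility).
    # Assumption: both None and an empty list count as "no scopes".
    if not key_scopes or SATISFIES[required] & set(key_scopes):
        return 200, None
    body = {"error": f"Forbidden: API key missing required scope '{required}'",
            "code": "FORBIDDEN"}
    return 403, json.dumps(body)


def audit_keys(keys):
    """Flag keys whose effective access is broader than 'read'."""
    findings = []
    for name, scopes in keys.items():
        if not scopes:
            findings.append((name, "legacy key: full access, set scopes"))
        elif SATISFIES["write"] & set(scopes):
            findings.append((name, "can create, update, and delete data"))
    return findings


# Constructed sample inventory (key names are hypothetical).
SAMPLE_KEYS = {"dashboard": ["read"], "ci-deploy": ["write"],
               "old-integration": [], "admin": ["full"]}

if __name__ == "__main__":
    for name, scopes in SAMPLE_KEYS.items():
        print(name, [authorize(scopes, m)[0] for m in ("GET", "DELETE")])
    for finding in audit_keys(SAMPLE_KEYS):
        print("review:", finding)
```

In the sample inventory, the unscoped `old-integration` key passes a DELETE just as the `full` key does, which is why the audit lists it first for remediation.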