Cloud Admin scopes for OAuth 2.0 (3LO), Forge apps, and API keys

Scopes enable an app and API keys to request a level of access to an Atlassian product.

API scopes allow you to choose the actions an API key has permission to perform in your organization. You can set scopes for your API keys to view, write, and delete content.

Setting your app's scopes

Forge apps

The easiest way to set your app's scopes is to:

• Update to the latest forge-cli packages.
• Run forge lint --fix to add the scopes to the manifest.

This process does not remove any redundant scopes from the manifest file, and these scopes need to be removed manually.

If you want to set the scopes manually, you need to:

• Review your app to determine all of the operations used.
• Consult the Cloud Admin REST API documentation to determine the scope needed for each operation and create a list of scopes.
• Add the scopes required to the app's manifest file while remembering to remove any deprecated scopes.

OAuth 2.0 apps

For OAuth 2.0 apps, you need to:

• Review your app to determine all of the operations used.
• Consult the Cloud Admin REST API documentation to determine the scope needed for each operation and create a list of scopes.
• Update the scopes required in the developer console.

Setting your API keys' scopes

For an API key, you need to:

1. Determine all the APIs that you need to call using your API key.
2. Consult the Cloud Admin REST API documentation to determine the scope needed for each operation and create a list of scopes.
3. When you create your API key in Atlassian Administration, select scopes for the key to perform specific actions in your organization.

Available scopes

These scopes apply to OAuth apps, OAuth integrations, API keys and API tokens.

The title and description are displayed to the user on the consent screen during the authorization flow.