Cloud Admin scopes for OAuth 2.0 (3LO), Forge apps, and API keys

Scopes enable an app to request a level of access to an Atlassian product.

Setting your app's scopes

Forge apps

The easiest way to set your app's scopes is to:

• Update to the latest forge-cli packages.
• Run forge lint --fix to add the scopes to the manifest.

This process does not remove any redundant scopes from the manifest file, and these scopes need to be removed manually.

If you want to set the scopes manually, you need to:

• Review your app to determine all of the operations used.
• Consult the Cloud Admin REST API documentation to determine the scope needed for each operation and create a list of scopes.
• Add the scopes required to the app's manifest file while remembering to remove any deprecated scopes.

OAuth 2.0 apps

For OAuth 2.0 apps, you need to:

• Review your app to determine all of the operations used.
• Consult the Cloud Admin REST API documentation to determine the scope needed for each operation and create a list of scopes.
• Update the scopes required in the developer console.

API key

For an API key, you need to:

• Determine all of the operations needed by your key
• Consult the Cloud Admin REST API documentation to determine the scope needed for each operation and create a list of scopes.
• When you create your API key in the Admin Hub, select the scopes the key needs to access.

Scopes

The scopes below are for apps using OAuth 2.0 authorization code grants (3LO) for authorization and Forge apps. The title and description are displayed to the user on the consent screen during the authorization flow.