To find out which scopes an operation requires, check the OAuth scopes required field in the relevant API documentation:
If the operation has the statement Apps can't access this REST resource, you can't use it with OAuth 2.0 (3LO).
Note, the permissions held by the user an app is acting for always constrain the app, regardless of the app's scopes. For example, if a Jira app has the manage:jira-project scope but the user does not have the Administer Jira permission, the app can not create projects.
Rate this page: