API Management - Scopes

The Scopes for an API can be added when registering a new OAuth 2.0 application from the API Management page in Edge.

To access the API Management page, go to: Admin > Tools > Edge and click the API Management link. Click the Manage OAuth 2.0 Applications tab.

Register New Application

Scopes can be configured during the application registration process. To register an application:

  1. Click the Register New Application button.
  2. Populate the fields on the Register New Application page, including the Application Name, Username, and a validity period, if applicable.
    • Each registered application must be associated with an existing user account, which functions as a service account. This user account is bound to the application and to the client ID and secret.
    • The validity period defines the time period, in seconds, for which an access token is issued. This field is optional. If no value is entered, access tokens will be assigned a default validity period of one hour. The maximum value that can be entered in this field is 86,400 seconds (one day). The minimum value is 300 seconds.
  3. Configure the application's scopes. The Scopes section contains a list of endpoints and operations to which the application needs access. To select scopes for an API, select the checkbox next to the API. To modify the scopes for an API, click the Modify button next to the API and select or deselect scopes. The external application will not be able to access an endpoint or operation if it is not selected. Select any necessary scopes and click Save.
  4. Click the Register Application button.
  5. Copy the client ID and secret generated by Cornerstone to use when building your API-based integration. Be sure to save this information for your use, as you will only be shown the secret once.