API Authentication: OAuth 2.0 - Granular Scopes

With the August 2019 release, OAuth 2.0 was made generally available. OAuth 2.0 is an industry-standard authentication and authorization protocol for APIs. Using this protocol reduces the time and effort needed by external developers to integrate with the Cornerstone system.

With this enhancement, the ability to select granular scopes is now available, allowing organizations to control the methods and endpoints an application can access through Cornerstone's APIs using the OAuth 2.0 API credentials. A "scope" is a mechanism in OAuth 2.0 which is used to limit an external application's access.

This means that clients can now specify applications' access to individual calls. For example, an organization can specify an application's access to GET /services/api/Recruiting/JobApplicant by choosing the get_jobApplicant scope.

This enhancement was made available in Stage on Jan 30th. This enhancement will be available with the Feb 7th release.


This functionality is available to any organization that has purchased Cornerstone APIs or the Reporting API. A purchase inquiry for Cornerstone APIs or the Reporting API can be submitted through the Edge Marketplace.

To access Cornerstone APIs or the Reporting API in the Edge Marketplace, go to: Admin > Tools > Edge and click the Marketplace link. Search for and click the Cornerstone API tile. Click the Setup tab for setup instructions for the API.

Additional information about scopes will be made available in the API Explorer: https://apiexplorer.csod.com/apiconnectorweb/apiexplorer#/


The following existing permission applies to this functionality:

Edge APIs - Manage Grants ability to manage Edge APIs on the API Management page. Edge