Azure Cosmos DB · OAuth Scopes

Azure Cosmos DB OAuth Scopes

OAuth 2.0 derived

Azure Cosmos DB publishes 1 OAuth 2.0 scope via the clientCredentials flow. Scopes are the fine-grained permissions an application requests at authorization time to act against the Azure Cosmos DB API on a user’s behalf.

Tokens are issued from https://login.microsoftonline.com/common/oauth2/v2.0/token.

This index is generated from the provider’s OpenAPI security definitions (and, where available, its documented scope reference) and refreshes on every APIs.io network build. Browse every provider’s scopes at scopes.apis.io.

DatabaseNoSQLDocument DatabaseVector DatabaseGlobally DistributedCloudAzure
Scopes: 1 Flows: clientCredentials Method: derived

OAuth endpoints

Token URL
https://login.microsoftonline.com/common/oauth2/v2.0/token
Flows
clientCredentials

Scopes (1)

ScopeDescriptionFlows
https://cosmos.azure.com/.default Cosmos DB data plane access clientCredentials

Source

OAuth Scopes

azure-cosmos-db-scopes.yml Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/azure-cosmos-db-openapi.yml
schemes:
- name: entra
  source: openapi/azure-cosmos-db-openapi.yml
  flows:
  - flow: clientCredentials
    tokenUrl: https://login.microsoftonline.com/common/oauth2/v2.0/token
  description: Microsoft Entra ID OAuth 2.0 bearer token
scopes:
- scope: https://cosmos.azure.com/.default
  description: Cosmos DB data plane access
  flows:
  - clientCredentials
  sources:
  - openapi/azure-cosmos-db-openapi.yml