Cognite · OAuth Scopes

Cognite OAuth Scopes

OAuth 2.0 derived

Cognite publishes 3 OAuth 2.0 scopes via the clientCredentials and authorizationCode flows. Scopes are the fine-grained permissions an application requests at authorization time to act against the Cognite API on a user’s behalf.

Tokens are issued from https://your-idps.token.url/.

This index is generated from the provider’s OpenAPI security definitions (and, where available, its documented scope reference) and refreshes on every APIs.io network build. Browse every provider’s scopes at scopes.apis.io.

Industrial IoTManufacturingIndustrial DataDigital TwinAsset ManagementTime SeriesIndustrial AI
Scopes: 3 Flows: clientCredentials, authorizationCode Method: derived

OAuth endpoints

Authorization URL
https://your-idps.authorization.url/
Token URL
https://your-idps.token.url/ https://login.microsoftonline.com/48d5043c-cf70-4c49-881c-c638f5796997/oauth2/v2.0/token
Flows
clientCredentialsauthorizationCode

Scopes (3)

ScopeDescriptionFlows
default https://{cluster}.cognitedata.com/.default authorizationCode, clientCredentials
https://api.cognitedata.com/.default
https://{cluster}.cognitedata.com/.default

Source

OAuth Scopes

cognite-scopes.yml Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/cognite-data-fusion-api.json, openapi/cognite-data-fusion-api.yaml
schemes:
- name: oauth2-client-credentials
  source: openapi/cognite-data-fusion-api.json
  flows:
  - flow: clientCredentials
    tokenUrl: https://your-idps.token.url/
  description: Access token issued by the CDF project's configured identity provider. Access
    token must be an OpenID Connect token, and the project must be configured to accept OpenID
    Connect tokens. Use a header key of 'Authorization' with a value of 'Bearer $accesstoken'.
    The token can be obtained through any flow supported by the identity provider.
- name: oauth2-auth-code
  source: openapi/cognite-data-fusion-api.json
  flows:
  - flow: authorizationCode
    authorizationUrl: https://your-idps.authorization.url/
    tokenUrl: https://your-idps.token.url/
  description: Access token issued by the CDF project's configured identity provider. Access
    token must be an OpenID Connect token, and the project must be configured to accept OpenID
    Connect tokens. Use a header key of 'Authorization' with a value of 'Bearer $accesstoken'.
    The token can be obtained through any flow supported by the identity provider.
- name: oauth2-open-industrial-data
  source: openapi/cognite-data-fusion-api.json
  flows:
  - flow: clientCredentials
    tokenUrl: https://login.microsoftonline.com/48d5043c-cf70-4c49-881c-c638f5796997/oauth2/v2.0/token
  description: Auth flow for Open Industrial Data. Get your client secret from https://hub.cognite.com/open-industrial-data-211.
- name: oauth2-client-credentials
  source: openapi/cognite-data-fusion-api.yaml
  flows:
  - flow: clientCredentials
    tokenUrl: https://your-idps.token.url/
  description: Access token issued by the CDF project's configured identity provider. Access
    token must be an OpenID Connect token, and the project must be configured to accept OpenID
    Connect tokens. Use a header key of 'Authorization' with a value of 'Bearer $accesstoken'.
    The token can be obtained through any flow supported by the identity provider.
- name: oauth2-auth-code
  source: openapi/cognite-data-fusion-api.yaml
  flows:
  - flow: authorizationCode
    authorizationUrl: https://your-idps.authorization.url/
    tokenUrl: https://your-idps.token.url/
  description: Access token issued by the CDF project's configured identity provider. Access
    token must be an OpenID Connect token, and the project must be configured to accept OpenID
    Connect tokens. Use a header key of 'Authorization' with a value of 'Bearer $accesstoken'.
    The token can be obtained through any flow supported by the identity provider.
- name: oauth2-open-industrial-data
  source: openapi/cognite-data-fusion-api.yaml
  flows:
  - flow: clientCredentials
    tokenUrl: https://login.microsoftonline.com/48d5043c-cf70-4c49-881c-c638f5796997/oauth2/v2.0/token
  description: Auth flow for Open Industrial Data. Get your client secret from https://hub.cognite.com/open-industrial-data-211.
scopes:
- scope: default
  description: https://{cluster}.cognitedata.com/.default
  flows:
  - authorizationCode
  - clientCredentials
  sources:
  - openapi/cognite-data-fusion-api.json
  - openapi/cognite-data-fusion-api.yaml
- scope: https://api.cognitedata.com/.default
  sources:
  - openapi/cognite-data-fusion-api.json
  - openapi/cognite-data-fusion-api.yaml
- scope: https://{cluster}.cognitedata.com/.default
  sources:
  - openapi/cognite-data-fusion-api.json
  - openapi/cognite-data-fusion-api.yaml