WSO2 · OAuth Scopes

WSO2 OAuth Scopes

OAuth 2.0 derived

WSO2 publishes 51 OAuth 2.0 scopes via the password flow. Scopes are the fine-grained permissions an application requests at authorization time to act against the WSO2 API on a user’s behalf.

Tokens are issued from https://localhost:9443/oauth2/token.

This index is generated from the provider’s OpenAPI security definitions (and, where available, its documented scope reference) and refreshes on every APIs.io network build. Browse every provider’s scopes at scopes.apis.io.

API ManagementGatewaysOpen SourceAPI LifecycleGraphQLSOAPREST
Scopes: 51 Flows: password Method: derived

OAuth endpoints

Token URL
https://localhost:9443/oauth2/token
Flows
password

Scopes (51)

ScopeDescriptionFlows
apim:admin Manage all admin operations password
apim:admin_alert_manage Manage admin alerts password
apim:admin_application_view View Applications password
apim:admin_operations Manage API categories and Key Managers related operations password
apim:admin_settings Retrieve admin settings password
apim:admin_tier_manage Update and delete throttling policies password
apim:admin_tier_view View throttling policies password
apim:api_category Manage API categories password
apim:api_import_export Import and export APIs related operations password
apim:api_key Generate API Keys password
apim:api_product_import_export Import and export API Products related operations password
apim:api_provider_change Retrieve and manage applications password
apim:api_view view access to services for read only users password
apim:api_workflow_approve Manage workflows password
apim:api_workflow_view Retrive workflow requests password
apim:app_import_export Import and export applications related operations password
apim:app_manage Retrieve, Manage and Import, Export applications password
apim:app_owner_change Retrieve and manage applications password
apim:app_settings_change Change Application Settings password
apim:bl_manage Update and delete deny policies password
apim:bl_view View deny policies password
apim:bot_data Retrieve bot detection data password
apim:dcr:app_manage create oauth app using dcr password
apim:environment_manage Manage gateway environments password
apim:environment_read Retrieve gateway environments password
apim:gov_policy_manage Manage governance policies password
apim:gov_policy_read Retrieve governance policies password
apim:gov_result_read Retrieve governance results password
apim:gov_rule_manage Manage governance rules password
apim:gov_rule_read Retrieve governance rules password
apim:keymanagers_manage Manage Key Managers password
apim:llm_provider_manage Manage LLM Providers password
apim:mediation_policy_create Create and update mediation policies password
apim:mediation_policy_view View mediation policies password
apim:monetization_usage_publish Retrieve and publish Monetization related usage records password
apim:organization_manage Manage Organizations password
apim:organization_read Read Organizations password
apim:policies_import_export Export and import policies related operations password
apim:role_manage Manage system roles password
apim:scope_manage Manage system scopes password
apim:store_settings Retrieve Developer Portal settings password
apim:sub_alert_manage Retrieve, subscribe and configure Developer Portal alert types password
apim:sub_manage Retrieve, Manage subscriptions password
apim:subscribe Subscribe API password
apim:tenantInfo Retrieve tenant related information password
apim:tenant_theme_manage Manage tenant themes password
apim:tier_manage Update and delete throttling policies password
apim:tier_view View throttling policies password
openid Authorize access to user details password
service_catalog:service_view view access to services in service catalog password
service_catalog:service_write write access to services in service catalog password

Source

OAuth Scopes

wso2-scopes.yml Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/wso2-admin-api.yaml, openapi/wso2-dcr-api.yaml, openapi/wso2-devportal-api.yaml,
  openapi/wso2-governance-api.yaml, openapi/wso2-service-catalog-api.yaml
schemes:
- name: OAuth2Security
  source: openapi/wso2-admin-api.yaml
  flows:
  - flow: password
    tokenUrl: https://localhost:9443/oauth2/token
- name: OAuth2Security
  source: openapi/wso2-dcr-api.yaml
  flows:
  - flow: password
    tokenUrl: https://localhost:9443/oauth2/token
- name: OAuth2Security
  source: openapi/wso2-devportal-api.yaml
  flows:
  - flow: password
    tokenUrl: https://localhost:9443/oauth2/token
- name: OAuth2Security
  source: openapi/wso2-governance-api.yaml
  flows:
  - flow: password
    tokenUrl: https://localhost:9443/oauth2/token
- name: OAuth2Security
  source: openapi/wso2-service-catalog-api.yaml
  flows:
  - flow: password
    tokenUrl: https://localhost:9443/oauth2/token
scopes:
- scope: apim:admin
  description: Manage all admin operations
  flows:
  - password
  sources:
  - openapi/wso2-admin-api.yaml
  - openapi/wso2-devportal-api.yaml
- scope: apim:admin_alert_manage
  description: Manage admin alerts
  flows:
  - password
  sources:
  - openapi/wso2-admin-api.yaml
- scope: apim:admin_application_view
  description: View Applications
  flows:
  - password
  sources:
  - openapi/wso2-admin-api.yaml
- scope: apim:admin_operations
  description: Manage API categories and Key Managers related operations
  flows:
  - password
  sources:
  - openapi/wso2-admin-api.yaml
- scope: apim:admin_settings
  description: Retrieve admin settings
  flows:
  - password
  sources:
  - openapi/wso2-admin-api.yaml
- scope: apim:admin_tier_manage
  description: Update and delete throttling policies
  flows:
  - password
  sources:
  - openapi/wso2-admin-api.yaml
- scope: apim:admin_tier_view
  description: View throttling policies
  flows:
  - password
  sources:
  - openapi/wso2-admin-api.yaml
- scope: apim:api_category
  description: Manage API categories
  flows:
  - password
  sources:
  - openapi/wso2-admin-api.yaml
- scope: apim:api_import_export
  description: Import and export APIs related operations
  flows:
  - password
  sources:
  - openapi/wso2-admin-api.yaml
- scope: apim:api_key
  description: Generate API Keys
  flows:
  - password
  sources:
  - openapi/wso2-devportal-api.yaml
- scope: apim:api_product_import_export
  description: Import and export API Products related operations
  flows:
  - password
  sources:
  - openapi/wso2-admin-api.yaml
- scope: apim:api_provider_change
  description: Retrieve and manage applications
  flows:
  - password
  sources:
  - openapi/wso2-admin-api.yaml
- scope: apim:api_view
  description: view access to services for read only users
  flows:
  - password
  sources:
  - openapi/wso2-service-catalog-api.yaml
- scope: apim:api_workflow_approve
  description: Manage workflows
  flows:
  - password
  sources:
  - openapi/wso2-admin-api.yaml
- scope: apim:api_workflow_view
  description: Retrive workflow requests
  flows:
  - password
  sources:
  - openapi/wso2-admin-api.yaml
- scope: apim:app_import_export
  description: Import and export applications related operations
  flows:
  - password
  sources:
  - openapi/wso2-admin-api.yaml
  - openapi/wso2-devportal-api.yaml
- scope: apim:app_manage
  description: Retrieve, Manage and Import, Export applications
  flows:
  - password
  sources:
  - openapi/wso2-devportal-api.yaml
- scope: apim:app_owner_change
  description: Retrieve and manage applications
  flows:
  - password
  sources:
  - openapi/wso2-admin-api.yaml
- scope: apim:app_settings_change
  description: Change Application Settings
  flows:
  - password
  sources:
  - openapi/wso2-admin-api.yaml
- scope: apim:bl_manage
  description: Update and delete deny policies
  flows:
  - password
  sources:
  - openapi/wso2-admin-api.yaml
- scope: apim:bl_view
  description: View deny policies
  flows:
  - password
  sources:
  - openapi/wso2-admin-api.yaml
- scope: apim:bot_data
  description: Retrieve bot detection data
  flows:
  - password
  sources:
  - openapi/wso2-admin-api.yaml
- scope: apim:dcr:app_manage
  description: create oauth app using dcr
  flows:
  - password
  sources:
  - openapi/wso2-dcr-api.yaml
- scope: apim:environment_manage
  description: Manage gateway environments
  flows:
  - password
  sources:
  - openapi/wso2-admin-api.yaml
- scope: apim:environment_read
  description: Retrieve gateway environments
  flows:
  - password
  sources:
  - openapi/wso2-admin-api.yaml
- scope: apim:gov_policy_manage
  description: Manage governance policies
  flows:
  - password
  sources:
  - openapi/wso2-admin-api.yaml
  - openapi/wso2-governance-api.yaml
- scope: apim:gov_policy_read
  description: Retrieve governance policies
  flows:
  - password
  sources:
  - openapi/wso2-admin-api.yaml
  - openapi/wso2-governance-api.yaml
- scope: apim:gov_result_read
  description: Retrieve governance results
  flows:
  - password
  sources:
  - openapi/wso2-admin-api.yaml
  - openapi/wso2-governance-api.yaml
- scope: apim:gov_rule_manage
  description: Manage governance rules
  flows:
  - password
  sources:
  - openapi/wso2-admin-api.yaml
  - openapi/wso2-governance-api.yaml
- scope: apim:gov_rule_read
  description: Retrieve governance rules
  flows:
  - password
  sources:
  - openapi/wso2-admin-api.yaml
  - openapi/wso2-governance-api.yaml
- scope: apim:keymanagers_manage
  description: Manage Key Managers
  flows:
  - password
  sources:
  - openapi/wso2-admin-api.yaml
- scope: apim:llm_provider_manage
  description: Manage LLM Providers
  flows:
  - password
  sources:
  - openapi/wso2-admin-api.yaml
- scope: apim:mediation_policy_create
  description: Create and update mediation policies
  flows:
  - password
  sources:
  - openapi/wso2-admin-api.yaml
- scope: apim:mediation_policy_view
  description: View mediation policies
  flows:
  - password
  sources:
  - openapi/wso2-admin-api.yaml
- scope: apim:monetization_usage_publish
  description: Retrieve and publish Monetization related usage records
  flows:
  - password
  sources:
  - openapi/wso2-admin-api.yaml
- scope: apim:organization_manage
  description: Manage Organizations
  flows:
  - password
  sources:
  - openapi/wso2-admin-api.yaml
- scope: apim:organization_read
  description: Read Organizations
  flows:
  - password
  sources:
  - openapi/wso2-admin-api.yaml
- scope: apim:policies_import_export
  description: Export and import policies related operations
  flows:
  - password
  sources:
  - openapi/wso2-admin-api.yaml
- scope: apim:role_manage
  description: Manage system roles
  flows:
  - password
  sources:
  - openapi/wso2-admin-api.yaml
- scope: apim:scope_manage
  description: Manage system scopes
  flows:
  - password
  sources:
  - openapi/wso2-admin-api.yaml
- scope: apim:store_settings
  description: Retrieve Developer Portal settings
  flows:
  - password
  sources:
  - openapi/wso2-devportal-api.yaml
- scope: apim:sub_alert_manage
  description: Retrieve, subscribe and configure Developer Portal alert types
  flows:
  - password
  sources:
  - openapi/wso2-devportal-api.yaml
- scope: apim:sub_manage
  description: Retrieve, Manage subscriptions
  flows:
  - password
  sources:
  - openapi/wso2-devportal-api.yaml
- scope: apim:subscribe
  description: Subscribe API
  flows:
  - password
  sources:
  - openapi/wso2-devportal-api.yaml
- scope: apim:tenantInfo
  description: Retrieve tenant related information
  flows:
  - password
  sources:
  - openapi/wso2-admin-api.yaml
- scope: apim:tenant_theme_manage
  description: Manage tenant themes
  flows:
  - password
  sources:
  - openapi/wso2-admin-api.yaml
- scope: apim:tier_manage
  description: Update and delete throttling policies
  flows:
  - password
  sources:
  - openapi/wso2-admin-api.yaml
- scope: apim:tier_view
  description: View throttling policies
  flows:
  - password
  sources:
  - openapi/wso2-admin-api.yaml
- scope: openid
  description: Authorize access to user details
  flows:
  - password
  sources:
  - openapi/wso2-admin-api.yaml
  - openapi/wso2-dcr-api.yaml
  - openapi/wso2-devportal-api.yaml
  - openapi/wso2-governance-api.yaml
- scope: service_catalog:service_view
  description: view access to services in service catalog
  flows:
  - password
  sources:
  - openapi/wso2-service-catalog-api.yaml
- scope: service_catalog:service_write
  description: write access to services in service catalog
  flows:
  - password
  sources:
  - openapi/wso2-service-catalog-api.yaml