xMatters · OAuth Scopes

xMatters OAuth Scopes

OAuth 2.0 derived

xMatters uses OAuth 2.0 but publishes no discrete scopes — access is governed by the grant itself (e.g. client-credentials or role-based authorization) rather than per-scope consent.

Tokens are issued from https://{company}.{deployment}.xmatters.com/api/xm/1/oauth2/token.

This index is generated from the provider’s OpenAPI security definitions (and, where available, its documented scope reference) and refreshes on every APIs.io network build. Browse every provider’s scopes at scopes.apis.io.

Incident ManagementOn-CallAlertingService ReliabilityDevOpsCommunicationWorkflow Automation
Scopes: 0 Flows: password Method: derived

OAuth endpoints

Token URL
https://{company}.{deployment}.xmatters.com/api/xm/1/oauth2/token
Flows
password

Scopes (0)

xMatters implements OAuth 2.0 but publishes no discrete scopes — access is governed by the grant itself (client-credentials or role-based authorization) rather than per-scope consent.

xMatters OAuth 2.0 (password and refresh_token grants) does not use scopes; API access is governed by the authenticated user's roles and permissions (https://help.xmatters.com/xmapi/).

Source

OAuth Scopes

xmatters-scopes.yml Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/xmatters-openapi.yml
docs: https://help.xmatters.com/ondemand/api/oauth.htm
note: xMatters OAuth 2.0 (password and refresh_token grants) does not use scopes;
  API access is governed by the authenticated user's roles and permissions
  (https://help.xmatters.com/xmapi/).
schemes:
- name: OAuth2
  source: openapi/xmatters-openapi.yml
  flows:
  - flow: password
    tokenUrl: https://{company}.{deployment}.xmatters.com/api/xm/1/oauth2/token
scopes: []