Client Scopes
Scopes allow your API clients to request a specific set of permissions when requesting authorization to access a resource. For example, not all API consumers will need the ability to report loan performance data for your account. Instead, you may allow those consumers to request authorization only for lead processing services such as our Dry Run service. In other words, scopes allow you to limit the actions a third-party application can perform on behalf of your account.
Choosing Scopes for Clients
It is recommended to choose ONLY the specific scope(s) for the resources you wish to allow a client to access. Not selecting any scopes will grant access to all endpoints. If you are uncertain which scope(s) to choose for your client, feel free to contact Support.
Assigning Scopes to Tokens
The Decision Cloud API does not allow you to assign scopes when creating access tokens. Scopes are assigned to the client when the credentials are created. Attempting to assign scopes when creating an access token will result in a 400 Bad Request error response:
{
  "error": "invalid_scope",
  "error_description": "The requested scope is invalid, unknown, or malformed",
  "hint": "Check the `dry-run` scope",
  "message": "The requested scope is invalid, unknown, or malformed"
}
Managing Client Scopes
Scopes must be managed through the Decision Cloud dashboard. Here's how to manage the scopes for your client:
- Sign in to your Decision Cloud account.
- Select Account Settings from the dropdown menu in the top navigation bar.
- Select Access -> Decision Cloud API from the sidebar menu on the left.
- Find the client you wish to manage and click the Show button. If prompted for a password, enter it to continue.
- Click Edit Client at the top.
- Select the desired scopes and save.