Managing scopes & access via API

Until the new spaces UI concept is available people need to create scopes via the API. This is a guide that leads you through the calls needed for it.

Preferences

Token of a user / service-user which has admin role assigned → <yourToken>
The base URL of your application → <baseUrl>

To get the token and the URL check this: How to get a Token for our APIs

Creating a scope

First, you need to create the space object itself. This can be done with this cURL. Just replace the following placeholders: <baseUrl> / <yourToken> / <scopeName>

curl --location 'https://gateway.<baseUrl>/scope-management/graphql' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <yourToken>' \
--data '{"query":"mutation CreateScope($name: String!) {\n  createScope(name: $name) {\n    id\n    name\n  }\n}","variables":{"name":"<scopeName>"}}'

This should respond with the following successful response with your replaced <scopeName> and a new unique <scopeId>:

{
    "data": {
        "createScope": {
            "id": "<scopeId>",
            "name": "<scopeName>"
        }
    }
}

The scope is now created but no one has access to it. For this, you need to create a scopeAccess object

Creating scope access

The Scope Access object defines who has access to a scope and which type of access it is. A scope can have multiple scope access objects. The scope access contains:

the <entityType> (GROUP or USER)
the <entityId> which should have access to the scope (userId or groupId)
the <accessType> (READ or WRITE)
READ can only query data of this scope, WRITE can only insert new data, update data, and delete data.

The cURL for creating this entity is the following. Replace again the values needed for the CURL: <baseUrl> / <yourToken> / <scopeId> / <entityType> / <entityId> / <accessType>