How do we restrict API Scope access to our developers

How do we restrict API scope access to our developers? In Zoom role access, we created a Developer role, but we want to restrict the API scope that they have access to by selecting only the scopes they need for the custom app they are developing.

Hi @Erics1
Thanks for reaching out to us and welcome to our Developer Forum!
Were you able to figure out this issue?
Basically, you would give your developers just the permissions that they need, by going into the Roles settings and just enabling settings that they would need for developing integrations.

Hi Elisa,

So as an example, a developer can create a server-to-server app, and they can add all the admin scopes they want, but they won’t be able to use them unless they are also assigned those permissions settings through the Role settings?

That's correct @Erics1

Thanks. Are there any future enhancements where this can be further restricted so that permission is provided for only certain scopes? Also, if it’s an admin scope, to restrict access to only these users or group of users? (For example, create meetings on behalf of this person or group of users?)

Hey Eric,
You can actually restrict a lot of permissions in the web portal; you can make it very granular.
With admin scopes you can restrict access to groups and probably individuals too, but you would have to manage the individual as a group.

If you’re trying to limit which users can be affected, that’s also controlled by who authorized and installed the application. User OAuth applications get consent from the authorizing user, so the application can manipulate that user’s data. OAuth admin scopes can be limited to a custom audience by setting their role’s scope. The application is essentially impersonating the user that authorized the application, and inherits a subset of their privileges based on declared OAuth scopes.
