Configuring OAuth2 settings in API Gateway

As the tenant administrator, you can use the Scopes setting in the Configuration section of the API Gateway administration user interface.

Scopes setting

This setting has two levels:

  • Disabled: This is the default state. This means that no OAuth2 scopes are enforced for any authorized app. The API from all clients to Infor OS API suites continues to work as before. Also, should anything go wrong with enabling scopes, the customer can always switch back to OFF.
  • Enforced: All calls to Infor OS API suites, regardless of the caller, will be enforced for scopes check. Since not all suites and apps of a given tenant are scope-enabled, this option is kept disabled. This option will be enabled when all suites and apps are capable of working with scopes.