Configuring OAuth2 settings in ION API
As the tenant administrator, you can use the Scopes setting in the Configuration section of the ION API administration user interface.
This setting has two levels:
- Disabled: This is the default state. This means that no OAuth2 scopes are enforced for any authorized app. The API from all clients to Xi Platform API suites continues to work as before. Also, should anything go wrong with enabling scopes, the customer can always switch back to OFF.
- Enforced: All calls to Xi Platform API suites, regardless of the caller, will be enforced for scopes check. Since not all suites and apps of a given tenant are scope-enabled, this option is kept disabled. This option will be enabled when all suites and apps are capable of working with scopes.