Document new fine-grained REST API scopes for 4.6.0#11525
Conversation
…nance - Sync publisher-v4, admin-v4 and governance-v1 OAS yamls from support-9.32.147 so the Redocly REST API reference reflects the new fine-grained scopes added on each operation. - Add a new "Additional Fine-Grained REST API Scopes" section to advanced-configurations.md explaining that the new scopes are declared on the relevant operations in the OAS but are not shipped in the default tenant-conf.json. A tenant administrator must add the required scope-role mapping under the tenant's tenant-conf.json (via Admin Portal Advanced Configurations) before the scope can be issued or honored.
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Pull request overview
This PR updates the product REST API reference docs to reflect newly introduced fine-grained OAuth2 scopes (CRUD-style) and documents how tenants can opt-in to these scopes via tenant-conf.json.
Changes:
- Sync Publisher/Admin/Governance OAS YAMLs so the fine-grained scopes appear per-operation in the rendered API references.
- Add an “Additional Fine-Grained REST API Scopes” section to explain opt-in activation via
RESTAPIScopesintenant-conf.json.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 13 comments.
| File | Description |
|---|---|
| en/docs/reference/product-apis/publisher-apis/publisher-v4/publisher-v4.yaml | Updates Publisher OAS reference to include fine-grained scopes; adds/adjusts multiple operation security scopes. |
| en/docs/reference/product-apis/admin-apis/admin-v4/admin-v4.yaml | Updates Admin OAS reference with fine-grained scopes and adds/adjusts endpoint documentation. |
| en/docs/reference/product-apis/governance-apis/governance-v1/governance-v1.yaml | Updates Governance OAS reference with additional fine-grained scopes for governance policy/ruleset operations. |
| en/docs/reference/product-apis/advanced-configurations.md | Adds documentation describing the opt-in tenant configuration required to use fine-grained scopes. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" | ||
| -H "Content-Type: application/json" -X GET -d @data.json "https://localhost:9443/api/am/publisher/v4/me/organization-information"' | ||
| ###################################################### | ||
| -H "Content-Type: application/json" -X POST -d @data.json "https://localhost:9443/api/am/publisher/v4/me/organization"' |
| source: 'curl -k -X PUT -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" | ||
| -H "Content-Type: application/json" "https://127.0.0.1:9443/api/am/admin/v4/provider/admin/apis/33662a62-8db1-4d75-af08-afd63c6bd0b4/change-provider?provider=user1"' |
| The file will be downloaded with the related content type (eg. `application/pdf`) | ||
| 3. **URL type**: | ||
| The client will receive the URL of the document as the Location header with the response with - `303 See Other` | ||
| The client will recieve the URL of the document as the Location header with the response with - `303 See Other` |
| The file will be downloaded with the related content type (eg. `application/pdf`) | ||
| 3. **URL type**: | ||
| The client will receive the URL of the document as the Location header with the response with - `303 See Other` | ||
| The client will recieve the URL of the document as the Location header with the response with - `303 See Other` |
| type: string | ||
| description: | | ||
| delimiter to separate the email address | ||
| delimiter to seperate the email address |
| dataAmount: | ||
| type: integer | ||
| description: Amount of data allowed to be transferred | ||
| description: Amount of data allowed to be transfered |
| description: Unit of data allowed to be transfered. Allowed values are | ||
| "KB", "MB" and "GB" |
| type: integer | ||
| description: | | ||
| Number of Organizations returned. | ||
| Number of Organizationa returned. |
| type: string | ||
| description: Status of the usage publish request | ||
| example: successful | ||
| example: successfull |
| type: string | ||
| description: Status of usage publish job | ||
| example: SUCCESSFUL | ||
| example: SUCCESSFULL |
Summary
publisher-v4.yaml,admin-v4.yamlandgovernance-v1.yamlRedocly REST API references with the latest OAS files from the carbon-apimgtsupport-9.32.147.x-fullbranch so the new fine-grained scopes show up in the API reference docs.advanced-configurations.mdclarifying that the new scopes are declared on the relevant REST API operations but are NOT shipped in the defaulttenant-conf.json. A tenant administrator must add the required scope-role mapping under the target tenant'stenant-conf.json(via Admin Portal Advanced Configurations) before the scope can be issued or honored.Context
The fine-grained scopes were introduced in carbon-apimgt PR https://github.com/wso2-support/carbon-apimgt/pull/8194 (and the corresponding master PR wso2/carbon-apimgt#13837). They enable verb-level access control per functional area on the Publisher, Admin and Governance REST APIs.
To keep adoption fully backward compatible, the support release does not auto-register these scopes in tenant-conf — they remain opt-in. This doc update makes the activation step explicit.
Test plan
🤖 Generated with Claude Code