Skip to content

Document new fine-grained REST API scopes for 4.6.0#11525

Open
dushaniw wants to merge 1 commit into
wso2:4.6.0from
dushaniw:4.6.0-granular-scopes-docs
Open

Document new fine-grained REST API scopes for 4.6.0#11525
dushaniw wants to merge 1 commit into
wso2:4.6.0from
dushaniw:4.6.0-granular-scopes-docs

Conversation

@dushaniw

Copy link
Copy Markdown
Contributor

Summary

  • Sync publisher-v4.yaml, admin-v4.yaml and governance-v1.yaml Redocly REST API references with the latest OAS files from the carbon-apimgt support-9.32.147.x-full branch so the new fine-grained scopes show up in the API reference docs.
  • Add a new Additional Fine-Grained REST API Scopes section to advanced-configurations.md clarifying that the new scopes are declared on the relevant REST API operations but are NOT shipped in the default tenant-conf.json. A tenant administrator must add the required scope-role mapping under the target tenant's tenant-conf.json (via Admin Portal Advanced Configurations) before the scope can be issued or honored.

Context

The fine-grained scopes were introduced in carbon-apimgt PR https://github.com/wso2-support/carbon-apimgt/pull/8194 (and the corresponding master PR wso2/carbon-apimgt#13837). They enable verb-level access control per functional area on the Publisher, Admin and Governance REST APIs.

To keep adoption fully backward compatible, the support release does not auto-register these scopes in tenant-conf — they remain opt-in. This doc update makes the activation step explicit.

Test plan

  • Build the docs locally and verify the Redocly pages render the new scopes under each operation's Authorization section.
  • Verify the new "Additional Fine-Grained REST API Scopes" section appears correctly under Reference → Product APIs → Advanced Configurations with the table rendering properly.
  • Confirm the cross-references to the publisher / admin / governance API reference pages resolve.

🤖 Generated with Claude Code

…nance

- Sync publisher-v4, admin-v4 and governance-v1 OAS yamls from support-9.32.147
  so the Redocly REST API reference reflects the new fine-grained scopes added
  on each operation.
- Add a new "Additional Fine-Grained REST API Scopes" section to
  advanced-configurations.md explaining that the new scopes are declared on
  the relevant operations in the OAS but are not shipped in the default
  tenant-conf.json. A tenant administrator must add the required scope-role
  mapping under the tenant's tenant-conf.json (via Admin Portal Advanced
  Configurations) before the scope can be issued or honored.
Copilot AI review requested due to automatic review settings June 22, 2026 08:07
@coderabbitai

coderabbitai Bot commented Jun 22, 2026

Copy link
Copy Markdown

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 99c9ebc4-3b39-4385-be21-9b02791693f2

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the product REST API reference docs to reflect newly introduced fine-grained OAuth2 scopes (CRUD-style) and documents how tenants can opt-in to these scopes via tenant-conf.json.

Changes:

  • Sync Publisher/Admin/Governance OAS YAMLs so the fine-grained scopes appear per-operation in the rendered API references.
  • Add an “Additional Fine-Grained REST API Scopes” section to explain opt-in activation via RESTAPIScopes in tenant-conf.json.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 13 comments.

File Description
en/docs/reference/product-apis/publisher-apis/publisher-v4/publisher-v4.yaml Updates Publisher OAS reference to include fine-grained scopes; adds/adjusts multiple operation security scopes.
en/docs/reference/product-apis/admin-apis/admin-v4/admin-v4.yaml Updates Admin OAS reference with fine-grained scopes and adds/adjusts endpoint documentation.
en/docs/reference/product-apis/governance-apis/governance-v1/governance-v1.yaml Updates Governance OAS reference with additional fine-grained scopes for governance policy/ruleset operations.
en/docs/reference/product-apis/advanced-configurations.md Adds documentation describing the opt-in tenant configuration required to use fine-grained scopes.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8"
-H "Content-Type: application/json" -X GET -d @data.json "https://localhost:9443/api/am/publisher/v4/me/organization-information"'
######################################################
-H "Content-Type: application/json" -X POST -d @data.json "https://localhost:9443/api/am/publisher/v4/me/organization"'
Comment on lines +4487 to +4488
source: 'curl -k -X PUT -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8"
-H "Content-Type: application/json" "https://127.0.0.1:9443/api/am/admin/v4/provider/admin/apis/33662a62-8db1-4d75-af08-afd63c6bd0b4/change-provider?provider=user1"'
The file will be downloaded with the related content type (eg. `application/pdf`)
3. **URL type**:
The client will receive the URL of the document as the Location header with the response with - `303 See Other`
The client will recieve the URL of the document as the Location header with the response with - `303 See Other`
The file will be downloaded with the related content type (eg. `application/pdf`)
3. **URL type**:
The client will receive the URL of the document as the Location header with the response with - `303 See Other`
The client will recieve the URL of the document as the Location header with the response with - `303 See Other`
type: string
description: |
delimiter to separate the email address
delimiter to seperate the email address
dataAmount:
type: integer
description: Amount of data allowed to be transferred
description: Amount of data allowed to be transfered
Comment on lines +5306 to 5307
description: Unit of data allowed to be transfered. Allowed values are
"KB", "MB" and "GB"
type: integer
description: |
Number of Organizations returned.
Number of Organizationa returned.
type: string
description: Status of the usage publish request
example: successful
example: successfull
type: string
description: Status of usage publish job
example: SUCCESSFUL
example: SUCCESSFULL
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants