Concept Topic

Scopes for API Clients

Scopes control the types of request that a client can make to the HotDocs Advance API. A client can have a command, query, or root scope.

Overview

You make requests to the Advance API using a client. You typically do not want to give clients the ability to make every type of request possible in the API. For security reasons, it is often better to restrict the types of requests clients can make. These restrictions are called scopes. A client only ever has one allocated scope.

Types of scope

When you create a client in Advance, you select one of the following scopes:

• Query – enables clients to make read requests, i.e. requests that only return data but do not create or update data
• Command – enables clients to make read and write requests, i.e. requests that return, create or update data
• Root – the client has full root access to Advance; it can issue user security tokens

For example, a client requires the command scope to initialize a work item, as that requires creating data in Advance.

Common Tasks

You will set scopes when performing the following tasks:

• Creating a new API client
• Editing an API client