API Key Scopes Explained
Overview
Scopes define what an API key is allowed to access. Use the smallest scope set possible.
Suggested scope model
| Scope | Purpose |
|---|---|
| read_activity | Read Activity Log events. |
| read_auth | Read Auth Log events. |
| read_views | Read View Log events. |
| read_reports | Read summary reports. |
| manage_notes | Add notes to audit records if supported. |
| manage_tags | Add or remove tags if supported. |
Use the actual scope names from your plugin implementation if they differ.
Best practice
- Create one key per integration.
- Give read-only integrations read scopes only.
- Do not give purge/archive scopes to external systems unless absolutely required.
- Review keys every month or after staff/vendor changes.
Example
A dashboard that only reads failed logins should not receive activity, GDPR, purge, or settings scopes.
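The best-practice list and the dashboard example above can be checked mechanically against a key inventory. The following is an added example, not code from the plugin: the inventory format, its field names, the `purge_logs` scope name and the 31-day review window are assumptions made for illustration.

```python
from datetime import date

READ_PREFIX = "read_"
DESTRUCTIVE_HINTS = ("purge", "archive")  # substring match; real scope names may differ

# Constructed inventory. Field names and the purge_logs scope are assumptions.
KEYS = [
    {"id": "key-dash", "integrations": ["login-dashboard"], "external": True,
     "needs": {"read_auth"},
     "scopes": {"read_auth", "read_activity", "purge_logs"},
     "last_reviewed": date(2025, 1, 10)},
    {"id": "key-shared", "integrations": ["siem-export", "report-mailer"],
     "external": False,
     "needs": {"read_activity", "read_reports"},
     "scopes": {"read_activity", "read_reports"},
     "last_reviewed": date(2025, 3, 1)},
    {"id": "key-notes", "integrations": ["ticketing"], "external": False,
     "needs": {"read_activity", "manage_notes"},
     "scopes": {"read_activity", "manage_notes"},
     "last_reviewed": date(2025, 3, 1)},
]

def audit_keys(keys, today, max_review_age_days=31):
    """Return sorted (key_id, finding, detail) tuples for each violation."""
    findings = []
    for key in keys:
        granted, needed = key["scopes"], key["needs"]
        # Least privilege: anything granted beyond what the integration needs.
        excess = granted - needed
        if excess:
            findings.append((key["id"], "excess_scope", ",".join(sorted(excess))))
        # An integration that needs only read_* scopes must hold only read_* scopes.
        if all(s.startswith(READ_PREFIX) for s in needed):
            writes = sorted(s for s in granted if not s.startswith(READ_PREFIX))
            if writes:
                findings.append((key["id"], "write_scope_on_read_only", ",".join(writes)))
        # Purge/archive scopes held by an external system.
        risky = sorted(s for s in granted if any(h in s for h in DESTRUCTIVE_HINTS))
        if risky and key["external"]:
            findings.append((key["id"], "destructive_scope_external", ",".join(risky)))
        # One key per integration.
        if len(key["integrations"]) > 1:
            findings.append((key["id"], "shared_key", ",".join(sorted(key["integrations"]))))
        # Monthly review.
        age = (today - key["last_reviewed"]).days
        if age > max_review_age_days:
            findings.append((key["id"], "review_overdue", f"{age} days"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_keys(KEYS, today=date(2025, 3, 15)):
        print(*finding, sep="\t")
```
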
Screenshot
Screenshot required
Capture from: Rise Audit Pro → API Keys

