Scoping (legacy)
Resource scoping is an important concept in the EVRYTHNG Platform API. In a nutshell, a resource's scopes determines who can view and interact with it. There are multiple types of scope:
- Account scope - The account a resource is created in, either by an account Operator or other actor.
- Project scope - All projects that this resource is visible to, and by extension, applications and Application Users within those projects.
- User scope - All Application Users that can interact with this resource.
By default, all resources are created with no project scope, which means that no Application Users or Operators with specific project permissions can view them. To grant access to more users or projects, update the scopes
of the resource as described below.
The permissions for scope management are derived by the ones on the related resources e.g., if you can view and/or modify something, then you can view and/or modify its scope.
Note
We recommend that all resources are scoped on creation to minimise confusion and maximise appropriate access and security.
## ScopesDocument Data Model
.users (array of string)
An array of Application User IDs this resource is scoped to.
.projects (array of string)
An array of project IDs this resource is scoped to.
{
"type": "object",
"description": "Project and user scopes arrays.",
"properties": {
"users": {
"type": "array",
"description": "An array of Application User IDs this resource is scoped to.",
"items": { "type": "string" }
},
"projects": {
"type": "array",
"description": "An array of project IDs this resource is scoped to.",
"items": {
"type": "string",
"description": "The ID of this resource.",
"pattern": "^[abcdefghkmnpqrstwxyABCDEFGHKMNPQRSTUVWXY0123456789]{24}$",
"readOnly": true
}
}
}
}
{
"users": [
"all"
],
"projects": [
"UmxHK6K8BXsa9KawRh4bTbqc",
"U4aPM5gyBg8w9pwaaYKCepVg"
]
}
Read Resource Scopes
Requests that return resources will not display the resource scopes
by default. In order to view the scopes
property, ?withScopes
query parameter should be set to true
. For example:
GET /products?withScopes=true
Authorization: $OPERATOR_API_KEY
curl -H "Authorization: $OPERATOR_API_KEY" \
-X GET 'https://api.evrythng.com/products?withScopes=true'
const params = { withScopes: true };
operator.product().read({ params })
.then(console.log);
// Or using param setters
operator.product().setWithScopes()
.read()
.then(console.log);
HTTP/1.1 200 OK
Content-Type: application/json
[
{
"id": "Umnfh3EUBMP7tNaaRmQREhRa",
"createdAt": 1504016755599,
"name": "Temperature Sensor Product",
"fn": "Temperature Sensor Product",
"description": "A standard temperature sensor",
"scopes": {
"users": [
"U3ng82wQBqPrtNRwwmQwkt8d"
],
"projects": [
"UG4WExTKBqPr9NwRa3twYDnk"
]
},
"updatedAt": 1505383000034,
"properties": {
"on_duration_seconds": 3343,
"temperature_celsius": 42
}
}
]
## Update Resource Scopes
The scope of resources can be edited with an update (PUT
) request containing a new scopes
property with a list of the Application Users and/or projects to be scoped. For example, to update a Thng's scopes:
PUT /thngs/:thngId
Authorization: $OPERATOR_API_KEY
Content-Type: application/json
{
"scopes": ScopesDocument
}
curl -H "Content-Type: application/json" \
-H "Authorization: $OPERATOR_API_KEY" \
-X PUT 'https://api.evrythng.com/thngs/Um2eFEyqBD8w95wwRgkB5cbc' \
-d '{
"scopes": {
"users": [ "UmWA65MTeD8wQKRwwh9VHyrn" ],
"projects": [ "Umnfh3EUBMP7tNaaRmQREhRa" ]
}
}'
const thngId = 'Um2eFEyqBD8w95wwRgkB5cbc';
const projects = ['Umnfh3EUBMP7tNaaRmQREhRa'];
const users = ['UmWA65MTeD8wQKRwwh9VHyrn'];
// Using rescope method
operator.thng(thngId)
.rescope(projects, users)
.then(console.log);
// Or using PUT payload
operator.thng(thngId)
.update({
scopes: {
projects,
users,
}
})
.then(console.log);
By default, the operation will replace the scopes
of the resource being updated with those in the request. To add or remove an ID, simply prefix it with the +
or -
character respectively. For example, to only add a single project ID and add all Application Users:
PUT /thngs/:thngId
Authorization: $OPERATOR_API_KEY
Content-Type: application/json
{
"scopes": {
"projects": ["+Umnfh3EUBMP7tNaaRmQREhRa"],
"users": ["+all"]
}
}
Additionally the keyword all
can be used in place of the named projects and users IDs.
Scope a Resource on Creation
Resources should be scoped to a project on creation by passing the desired project ID in the project
parameter. This is a recommended practise when creating resource as it ensures that they are scoped appropriately from the earliest opportunity.
POST /thngs?project=:projectId
Authorization: $OPERATOR_API_KEY
Content-Type: application/json
{
"name": "Automatically Scoped Thng"
}
curl -x -H "Content-Type: application/json" \
-H "Authorization: $OPERATOR_API_KEY" \
-X POST 'https://api.evrythng.com/thngs?project=UmFBemNbMmPEY6awwDfxYgxh'
-d '{
"name": "Automatically Scoped Thng"
}'
const projectId = 'UmFBemNbMmPEY6awwDfxYgxh';
const payload = { name: 'Automatically Scoped Thng' };
const params = { project: projectId };
user.thng().create(payload, { params }).then(console.log);
// Or using param setters
user.thng().setProject(projectId)
.create(payload)
.then(console.log);
String projectId = "Uh5qRBqc4DcmbNbAANtMnrYm";
Thng thng = new Thng();
thng.setName("Automatically Scoped Thng");
apiManager.thngService().thngCreator(thng).project(projectId).execute();
Updated about 4 years ago