--- title: "Scopes" canonical_url: "https://docs.getdx.com/webapi/scopes/" md_url: "https://docs.getdx.com/webapi/scopes.md" last_updated: "2026-06-18" --- # Scopes Scopes control which endpoints and operations a Web API token can access. --- ## `snapshots:read` Read access to Snapshot survey data, teams, tags, and related reference data. | Method | Endpoint | Description | | ------ | ------------------------------- | ----------------------------------- | | GET | `snapshots.list` | List all completed Snapshots | | GET | `snapshots.info` | Get detailed results for a Snapshot | | GET | `snapshots.driverComments.list` | List driver (sentiment) comments | | GET | `snapshots.csatComments.list` | List CSAT comments | | GET | `teams.list` | List teams | | GET | `teams.info` | Get team details | | GET | `teams.findByMembers` | Find a team by its members | | GET | `teams.auditTrail` | Get team audit trail | | GET | `users.findByGithubUsername` | Find a user by GitHub username | --- ## `snapshots:admin` Elevated Snapshot access: export raw data files and manage org-structure imports. The `snapshots:read` scope is also required for all endpoints below. | Method | Endpoint | Description | | ------ | -------------------------------- | --------------------------------------------------- | | GET | `snapshots.getFile` | Download a completed Snapshot as an Excel file | | POST | `orgfiles.teamHierarchy.process` | Process and import a team hierarchy | | POST | `orgfiles.teamHierarchy.preview` | Preview a team hierarchy import without applying it | | GET | `orgfiles.teamHierarchy.get` | Get the status or result of a team hierarchy import | --- ## `catalog:read` Read access to the Software Catalog — entities, types, relations, and properties. | Method | Endpoint | Description | | ------ | ----------------------------- | ----------------------------------------- | | GET | `catalog.entities.list` | List Catalog entities | | GET | `catalog.entities.info` | Get details for a Catalog entity | | GET | `catalog.entities.scorecards` | List Scorecards associated with an entity | | GET | `catalog.entities.tasks` | Get initiative tasks for an entity | | GET | `catalog.entityTypes.list` | List entity types | | GET | `catalog.entityTypes.info` | Get details for an entity type | | GET | `catalog.relations.list` | List relation definitions | | GET | `catalog.relations.info` | Get details for a relation definition | | GET | `catalog.relationEdges.list` | List relation edges between entities | --- ## `catalog:write:entities` Write access to Catalog entities, types, and relations. | Method | Endpoint | Description | | ------ | ---------------------------------- | ---------------------------------------- | | POST | `catalog.entities.create` | Create a new entity | | POST | `catalog.entities.update` | Update an existing entity | | POST | `catalog.entities.upsert` | Create or update an entity | | POST | `catalog.entities.delete` | Delete an entity | | POST | `catalog.entityTypes.create` | Create a new entity type | | POST | `catalog.entityTypes.update` | Update an existing entity type | | POST | `catalog.entityTypes.delete` | Delete an entity type | | POST | `catalog.relations.create` | Create a new relation definition | | POST | `catalog.relations.update` | Update a relation definition | | POST | `catalog.relations.delete` | Delete a relation definition | | POST | `catalog.relationEdges.add` | Add a relation edge between two entities | | POST | `catalog.relationEdges.bulkUpsert` | Bulk-add or update relation edges | | POST | `catalog.relationEdges.remove` | Remove a relation edge | --- ## `scorecards:read` Read access to Scorecards and Initiatives. | Method | Endpoint | Description | | ------ | ---------------------------- | --------------------------------- | | GET | `scorecards.list` | List Scorecards | | GET | `scorecards.info` | Get details for a Scorecard | | GET | `initiatives.list` | List Initiatives | | GET | `initiatives.info` | Get details for an Initiative | | GET | `initiatives.progressReport` | Get an Initiative progress report | --- ## `scorecards:write` Write access to Scorecard definitions. Requires Data Studio access in addition to this scope. | Method | Endpoint | Description | | ------ | ------------------- | ---------------------------- | | POST | `scorecards.create` | Create a new Scorecard | | POST | `scorecards.update` | Update an existing Scorecard | | POST | `scorecards.delete` | Delete a Scorecard | --- ## `workflows:read` Read access to Self-Service Workflows. | Method | Endpoint | Description | | ------ | ------------------- | ------------------------------ | | GET | `workflows.list` | List available Workflows | | GET | `workflowRuns.info` | Get details for a Workflow Run | --- ## `workflowRuns:trigger` Permission to trigger Self-Service Workflow runs. | Method | Endpoint | Description | | ------ | ---------------------- | ------------------------ | | POST | `workflowRuns.trigger` | Start a new Workflow Run | --- ## `workflowRuns:writeEvents` Permission to post events and status updates into a running Workflow Run. | Method | Endpoint | Description | | ------ | --------------------------- | ----------------------------------- | | POST | `workflowRuns.postMessage` | Post a message to a Workflow Run | | POST | `workflowRuns.addLink` | Add a link to a Workflow Run | | POST | `workflowRuns.changeStatus` | Change the status of a Workflow Run | --- ## `platformx:manage` Manage PlatformX projects. | Method | Endpoint | Description | | ------ | --------------------------- | ----------------------------------- | | GET | `platformx.projects.list` | List PlatformX projects (paginated) | | POST | `platformx.projects.create` | Create a PlatformX project | --- ## `userGroups:read` Read access to Frontline user groups. | Method | Endpoint | Description | | ------ | ----------------- | -------------------------------------- | | GET | `userGroups.list` | List Frontline user groups | | GET | `userGroups.get` | Get details for a Frontline user group | --- ## `userGroups:write` Write access to Frontline user groups. | Method | Endpoint | Description | | ------ | ------------------- | ----------------------------- | | POST | `userGroups.create` | Create a Frontline user group | | POST | `userGroups.update` | Update a Frontline user group | | POST | `userGroups.delete` | Delete a Frontline user group | --- ## `users:read` Read access to user profiles. | Method | Endpoint | Description | | ------ | ------------ | -------------------------------------------- | | GET | `users.list` | List all users with profile and team details | --- ## `users:write` Write access to user profiles and custom attributes. | Method | Endpoint | Description | | ------ | ------------------------- | -------------------------------------------------------------------------- | | POST | `users.update` | Update a user's profile (email, start date, source system usernames, etc.) | | POST | `users.attributes.update` | Upsert custom user attribute values | --- ## `teams:manage` Permission to manage org-structure files. The `snapshots:read` scope is also required. | Method | Endpoint | Description | | ------ | ----------------- | -------------------------------------- | | GET | `orgfiles.list` | List previously uploaded org CSV files | | POST | `orgfiles.upload` | Upload an org structure CSV file | --- ## `accountSettings:read` Read access to account-level configuration. | Method | Endpoint | Description | | ------ | ---------------------- | ------------------------------------------------------------ | | GET | `accountSettings.info` | Get SSO/identity-provider configuration and session settings | --- ## `apiKeys:read` Read access to organization-level API key records. | Method | Endpoint | Description | | ------ | -------------- | -------------------------- | | GET | `apiKeys.list` | List organization API keys | --- ## `auditLogs:read` Read access to the audit log. | Method | Endpoint | Description | | ------ | ---------------- | ---------------------------------------------- | | GET | `auditLogs.list` | Retrieve a paginated list of audit log entries | --- ## `datacloud:query` Permission to execute queries against your raw engineering data. Requires Data Studio access in addition to this scope. | Method | Endpoint | Description | | ------ | -------------------------- | ------------------------------------------- | | POST | `studio.queryRuns.execute` | Execute a SQL query | | GET | `studio.queryRuns.info` | Get the status of a query run | | GET | `studio.queryRuns.results` | Retrieve results from a completed query run | --- ## `studio:reports:read` Read access to Data Studio Reports. Requires Data Studio access in addition to this scope. | Method | Endpoint | Description | | ------ | --------------------- | ------------------------------------------- | | GET | `studio.reports.list` | List Data Studio Reports | | GET | `studio.reports.info` | Get configuration and metadata for a Report | --- ## `studio:reports:write` Write access to Data Studio Reports. Requires Data Studio access in addition to this scope. | Method | Endpoint | Description | | ------ | ----------------------- | ------------------------------- | | POST | `studio.reports.create` | Create a new Data Studio Report | | POST | `studio.reports.update` | Update an existing Report | | POST | `studio.reports.delete` | Delete a Report | --- --- ## Sitemap [Overview of all docs pages](/llms.txt)