How do I enable scoping for a developer API key in an account?
As part of creating new developer API keys or editing existing developer API keys in your account, you can customize the access the API key receives. Enforcing scopes allows you to control direct access and specific API endpoints for third-party tools associated with your institution.
By default, scope enforcement is disabled when creating a new developer API key, which allows tokens to access all endpoints available to the authorizing user. However, scopes can be edited for a developer API key at any time and update access tokens for the authorizing user appropriately.
Notes:
- Managing Developer Keys is an account permission. If you cannot manage developer keys, this permission has not been enabled for your user role.
- Developer Keys are not available in subaccounts.
Open Account
![Open Account](https://media.screensteps.com/image_assets/assets/007/949/740/original/167b4d34-2e3f-4046-9aed-39673e67bdab.png)
In Global Navigation, click the Admin link [1], then click the name of the account [2].
Open Developer Keys
![Open Developer Keys](https://media.screensteps.com/image_assets/assets/002/823/816/original/8c1bbfa9-a338-4e59-b135-2bf7b09c5f58.png)
In Account Navigation, click the Developer Keys link.
Add Developer Key
![Add Developer Key](https://media.screensteps.com/image_assets/assets/003/083/261/original/e32e4966-287a-4856-8c12-457606e96191.png)
Click the Add Developer Key button.
Add API Key
![](https://media.screensteps.com/image_assets/assets/008/709/813/original/5bb7a54f-3e09-49ab-97ce-b6b7bd8b42dc.png)
Click the Add API Key option.
Enforce Scopes
![Enforce Scopes](https://media.screensteps.com/image_assets/assets/003/083/255/original/08f10eae-24cb-499a-a981-47ec5c0b89a2.png)
After you've completed the developer key information, click the Enforce Scopes button.
Allow Include Parameters
![Allow Include Parameters](https://media.screensteps.com/image_assets/assets/003/083/257/original/fd28bba1-4312-4fc5-b232-c7b8afbf64b2.png)
To permit usage of all "includes" parameters for this key, click the Allow Include Parameters checkbox.
"Includes" parameters may grant access to additional data that is not included in the Endpoints table.
Search Endpoints
![Search Endpoints](https://media.screensteps.com/image_assets/assets/003/083/263/original/32ecda05-a94d-40dd-9962-5b6545715ce4.png)
To search for a specific endpoint, type the name of the endpoint in the Search Endpoints field [1].
To see all available endpoints, scroll through the Endpoints table [2].
Select Read Only Endpoints
![Select Read Only Endpoints](https://media.screensteps.com/image_assets/assets/003/083/259/original/6fdb8dd9-410b-48c8-abb0-4a7c7d777d6c.png)
To grant read-only (GET) access to the developer key, select the Read only checkbox. The table will automatically update and select all scopes that contain read-only endpoints.
Select Individual Endpoints
You can grant customized access to the developer API key. Click any scope name to view available endpoints [1]. Select the desired endpoints by clicking the checkbox next to the endpoint name [2]. The scope name line will update to show the summary of the collective selected endpoint access [3].
Save Key
![Save Key](https://media.screensteps.com/image_assets/assets/003/083/265/original/8538c03d-f619-4935-8e8b-f5b5989f4ec6.png)
Click the Save button.