Historically, a single API key granted full access to both the unified and platform APIs. To improve security, API keys can now be created with granular scopes that limit what each key is allowed to do.
To improve our security standing, we have implemented API key scopes. These scopes enable customers to select which API parts the API key can access.
There are four scopes available when creating an API key, which can be selected in any combination in the Create API key panel:
- unified.read:
allows calls to read‑only unified endpoints.
- unified.write:
allows calls to unified endpoints that update data.
- platform.read:
allows reads of platform‑level data such as Accounts.
- platform.write:
allows platform‑level writes such as creating Accounts and Connect Sessions.
The count of scopes for a given API is now included on the main API keys table. Hovering over the scope count shows the list of scopes for that API key: