Client IDs SHOULD include a namespace. For example, nypl_holds_service
where nypl_
is the namespace.
Client IDs SHOULD use snake-case.
Client IDs SHOULD be limited to 16 alphabetical characters.
Client secrets MUST NOT be shared across applications and MUST NOT be committed to source control or exposed publicly (see security).
Scopes are used to specify access on NYPL platform services.
Scopes let you specify exactly what type of access you need. Scopes limit access for OAuth tokens. They do not grant any additional permission beyond that which the user or application already has.
Clients SHOULD always request the most specific scopes when requesting a token.
These scopes are common to all services:
openid
: required by OpenID Connect specificationoffline_access
: issues a refresh token (when applicable)login:staff
: use the NYPL Active Directory for authentication onauthorization_code
requests
Scope | Description |
---|---|
admin |
Administrative/global access |
read:bib |
Read bibs |
write:bib |
Write bibs |
read:checkin_request |
Read check-ins requests |
write:checkin_request |
Write check-in requests |
read:checkout_request |
Read check-out requests |
write:checkout_request |
Write check-out requests |
read:doc |
Read and generate new documentation |
read:hold_request |
Read hold requests |
write:hold_request |
Write hold requests |
read:item |
Read items |
write:item |
Write items |
read:patron |
Read patron information |
write:patron |
Write patron information |
read:recall_request |
Read recall requests |
write:recall_request |
Write recall requests |
read:refile_request |
Read refile requests |
write:refile_request |
Write refile requests |
read:staff_picks |
Read staff picks and staff pick lists |
write:staff_picks |
Write staff picks and staff pick lists |