OAuth
Credentials
Client IDs SHOULD include a namespace. For example, nypl_holds_service, where nypl_ is the namespace.
Client IDs SHOULD use snake-case.
Client IDs SHOULD be limited to 16 alphabetical characters.
Client secrets MUST NOT be shared across applications and MUST NOT be committed to source control or exposed publicly (see security).
Scopes
Scopes are used to specify access on NYPL platform services.
Scopes let you specify exactly what type of access you need. Scopes limit access for OAuth tokens. They do not grant any additional permission beyond that which the user or application already has.
Clients SHOULD always request the most specific scopes when requesting a token.
Common Scopes
These scopes are common to all services:
openid: required by OpenID Connect specification
offline_access: issues a refresh token (when applicable)
login:staff: use the NYPL Active Directory for authentication on authorization_code requests
Service-specific Scopes
Scope | Description |
---|---|
admin | Administrative/global access |
read:bib | Read bibs |
write:bib | Write bibs |
read:checkin_request | Read check-in requests |
write:checkin_request | Write check-in requests |
read:checkout_request | Read check-out requests |
write:checkout_request | Write check-out requests |
read:doc | Read and generate new documentation |
read:hold_request | Read hold requests |
write:hold_request | Write hold requests |
read:item | Read items |
write:item | Write items |
read:patron | Read patron information |
write:patron | Write patron information |
read:recall_request | Read recall requests |
write:recall_request | Write recall requests |
read:refile_request | Read refile requests |
write:refile_request | Write refile requests |
read:staff_picks | Read staff picks and staff pick lists |
write:staff_picks | Write staff picks and staff pick lists |
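
The two scope rules above (request the most specific scopes; scopes limit access and never add permission) can be checked mechanically. The following is an added example, not NYPL platform code: the scope names are the ones listed on this page, while the function names and the idea of a per-client "needed" set are assumptions made for illustration.

```python
# Added example: scope names come from this page; helper names and the
# sample sets used to exercise them are constructed for illustration.
COMMON_SCOPES = {"openid", "offline_access", "login:staff"}
RESOURCES = ("bib", "checkin_request", "checkout_request", "hold_request",
             "item", "patron", "recall_request", "refile_request",
             "staff_picks")
SERVICE_SCOPES = {"admin", "read:doc"} | {
    f"{action}:{resource}"
    for action in ("read", "write") for resource in RESOURCES
}
KNOWN_SCOPES = COMMON_SCOPES | SERVICE_SCOPES


def parse_scope(value):
    """Split a space-delimited OAuth scope string (RFC 6749, section 3.3)."""
    return set(value.split())


def lint_request(requested, needed):
    """Compare the scopes a client requests with the scopes it needs.

    Returns a sorted list of findings; an empty list means the request
    is as specific as it can be.
    """
    findings = [f"unknown scope: {s}" for s in requested - KNOWN_SCOPES]
    findings += [f"missing scope: {s}" for s in needed - requested]
    for s in (requested & KNOWN_SCOPES) - needed:
        if s == "admin":
            findings.append("over-broad scope: admin (request specific scopes)")
        else:
            findings.append(f"unneeded scope: {s}")
    return sorted(findings)


def effective_access(token_scopes, principal_permissions):
    """Scopes only narrow access: a scope the principal lacks grants nothing."""
    return token_scopes & principal_permissions


def is_allowed(required, token_scopes, principal_permissions):
    """Allow a call only if the scope is on the token AND held by the principal.

    Assumption: `admin` is treated as an opaque scope; the page does not
    say how services expand it.
    """
    return required in effective_access(token_scopes, principal_permissions)
```

Running `lint_request` in a registration review or CI step catches a client that asks for `admin` when it only needs hold-request access, before the token is ever issued.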