Include new scope in s2s authorization (#49)

* Improved S2S scope description. --------- Co-authored-by: Patrick Sotiriou <[email protected]>
modio · Jul 29, 2024 · 842009d · 842009d
1 parent af7fe5c
commit 842009d
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/public/en-us/web-services/authentication/s2s.md b/public/en-us/web-services/authentication/s2s.md
@@ -62,7 +62,7 @@ When making any requests to service-to-service endpoints, you must always provid
 | client_id     | integer | true     | Client ID issued to your game.                                                                               |
 | client_secret | string  | true     | Client Secret issued to your game. This should be secure on a backend server and never displayed to players. |
 | grant_type    | string  | true     | Must be `client_credentials`.                                                                                |
-| scope        | string  | false    | The scopes you wish your token to have. Currently only, read, write, and monetization is supported.          |
+| scope         | string  | false    | Specify the comma-separated scopes you wish your token to have. Valid scopes are `read`, `write`, `update`, and `monetization`. The `update` scope will elevate the token's authorization, allowing it to edit mods while acting as the game's leader. |
 
 ```
 POST https://{your-game-id}.modapi.io/v1/oauth/token
@@ -163,4 +163,4 @@ Your backend service should be configured such as in the event that the service
 
 - An OAuth Client ID, Client Secret and Service Tokens should be kept confidential at all times and never shared with untrusted clients such as game consoles or mobile devices.
 - Service Tokens are not associated with any specific user on mod.io, and is a generic token designed to identify your secure server for S2S related tasks.
-- Service Tokens are valid for 90 days. We highly recommend caching the token on your backend and only request a new service token if you require different scope(s) or the token has expired.
+- Service Tokens are valid for 90 days. We highly recommend caching the token on your backend and only request a new service token if you require different scope(s) or the token has expired.