From 842009d1ddac2cc3743cf489490a42484316a8f4 Mon Sep 17 00:00:00 2001 From: zanderwar Date: Mon, 29 Jul 2024 15:50:30 +1000 Subject: [PATCH] Include new scope in s2s authorization (#49) * Improved S2S scope description. --------- Co-authored-by: Patrick Sotiriou --- public/en-us/web-services/authentication/s2s.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/public/en-us/web-services/authentication/s2s.md b/public/en-us/web-services/authentication/s2s.md index 2916a23..d1c7d26 100644 --- a/public/en-us/web-services/authentication/s2s.md +++ b/public/en-us/web-services/authentication/s2s.md @@ -62,7 +62,7 @@ When making any requests to service-to-service endpoints, you must always provid | client_id | integer | true | Client ID issued to your game. | | client_secret | string | true | Client Secret issued to your game. This should be secure on a backend server and never displayed to players. | | grant_type | string | true | Must be `client_credentials`. | -| scope | string | false | The scopes you wish your token to have. Currently only, read, write, and monetization is supported. | +| scope | string | false | Specify the comma-separated scopes you wish your token to have. Valid scopes are `read`, `write`, `update`, and `monetization`. The `update` scope will elevate the token's authorization, allowing it to edit mods while acting as the game's leader. | ``` POST https://{your-game-id}.modapi.io/v1/oauth/token @@ -163,4 +163,4 @@ Your backend service should be configured such as in the event that the service - An OAuth Client ID, Client Secret and Service Tokens should be kept confidential at all times and never shared with untrusted clients such as game consoles or mobile devices. - Service Tokens are not associated with any specific user on mod.io, and is a generic token designed to identify your secure server for S2S related tasks. -- Service Tokens are valid for 90 days. We highly recommend caching the token on your backend and only request a new service token if you require different scope(s) or the token has expired. \ No newline at end of file +- Service Tokens are valid for 90 days. We highly recommend caching the token on your backend and only request a new service token if you require different scope(s) or the token has expired.