From 12ba1f11b1e3ad1fc3872a11a89b72e766dbc585 Mon Sep 17 00:00:00 2001 From: zanderwar Date: Wed, 24 Jul 2024 11:32:49 +1000 Subject: [PATCH 1/2] Update s2s.md --- public/en-us/web-services/authentication/s2s.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/public/en-us/web-services/authentication/s2s.md b/public/en-us/web-services/authentication/s2s.md index 2916a23..47d48f7 100644 --- a/public/en-us/web-services/authentication/s2s.md +++ b/public/en-us/web-services/authentication/s2s.md @@ -62,7 +62,7 @@ When making any requests to service-to-service endpoints, you must always provid | client_id | integer | true | Client ID issued to your game. | | client_secret | string | true | Client Secret issued to your game. This should be secure on a backend server and never displayed to players. | | grant_type | string | true | Must be `client_credentials`. | -| scope | string | false | The scopes you wish your token to have. Currently only, read, write, and monetization is supported. | +| scope | string | false | Specify the comma-separated scopes you wish your token to have. Currently, only **read**, **write**, **update**, and **monetization** are supported. The update scope will elevate the token's authorization, allowing it to edit mods while acting as the game's leader. | ``` POST https://{your-game-id}.modapi.io/v1/oauth/token @@ -163,4 +163,4 @@ Your backend service should be configured such as in the event that the service - An OAuth Client ID, Client Secret and Service Tokens should be kept confidential at all times and never shared with untrusted clients such as game consoles or mobile devices. - Service Tokens are not associated with any specific user on mod.io, and is a generic token designed to identify your secure server for S2S related tasks. -- Service Tokens are valid for 90 days. We highly recommend caching the token on your backend and only request a new service token if you require different scope(s) or the token has expired. \ No newline at end of file +- Service Tokens are valid for 90 days. We highly recommend caching the token on your backend and only request a new service token if you require different scope(s) or the token has expired. From ec9078b3dc8c6edae18910b4dd4135a6691f86c3 Mon Sep 17 00:00:00 2001 From: Patrick Sotiriou Date: Mon, 29 Jul 2024 15:49:59 +1000 Subject: [PATCH 2/2] Improved S2S scope description. --- public/en-us/web-services/authentication/s2s.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/public/en-us/web-services/authentication/s2s.md b/public/en-us/web-services/authentication/s2s.md index 47d48f7..d1c7d26 100644 --- a/public/en-us/web-services/authentication/s2s.md +++ b/public/en-us/web-services/authentication/s2s.md @@ -62,7 +62,7 @@ When making any requests to service-to-service endpoints, you must always provid | client_id | integer | true | Client ID issued to your game. | | client_secret | string | true | Client Secret issued to your game. This should be secure on a backend server and never displayed to players. | | grant_type | string | true | Must be `client_credentials`. | -| scope | string | false | Specify the comma-separated scopes you wish your token to have. Currently, only **read**, **write**, **update**, and **monetization** are supported. The update scope will elevate the token's authorization, allowing it to edit mods while acting as the game's leader. | +| scope | string | false | Specify the comma-separated scopes you wish your token to have. Valid scopes are `read`, `write`, `update`, and `monetization`. The `update` scope will elevate the token's authorization, allowing it to edit mods while acting as the game's leader. | ``` POST https://{your-game-id}.modapi.io/v1/oauth/token