Skip to main content

API Scopes and Access Control

Machine to Machine interaction from a client platform to the Fenergo SaaS APIs is secured using the Client Credential Grant Type. One of the parameters passed in the Authentication Request Body is the Scope Parameter. In essence, this parameter is asking the Authentication service to create an access token which has specific permissions. The Fenergo SaaS platform provides a granular way for clients to generate access tokens which only have the permission they need to perform the specific function they are intended for. This approach to security is better known as the System of Least Privilege and you can learn more about it API Security and Best Practice.

Requesting an Access Token with a specific Scope

If you have built an integration which needs to READ Legal Entity Data, perhaps as a reaction to to an event such as the completion of a Journey, the call to the identity provider for an access token should request only those permissions needed. This integration (at least for this specific use case) would not need the ability to create new legal entity data so the scope should only be fenx.entitydata.read. If there was also a need to get some data about the journey itself, then the integration would also need fenx.journey.read. Look at the console captured from a Postman session where we can see the Request Headers and the Request Body. The Scope parameter contains both required scopes (space separated). The resultant access token will not work for requests against any other APIs than those listed.

Standard API Call including headers

  Request Headers
    Content-Type: application/x-www-form-urlencoded
    User-Agent: PostmanRuntime/7.29.0
    Accept: *
    Cache-Control: no-cache
    Postman-Token: ace71fe5-84e7-44f9-95ce-9c147c147036
    Host: identity.fenergox.com
    Accept-Encoding: gzip, deflate, br
    Connection: keep-alive
    Content-Length: 136

  Request Body
    grant_type: "client_credentials"
    scope: "fenx.entitydata.read fenx.journey.read"
    client_id: "YOUR CLIENT ID"
    client_secret: "YOUR CLIENT SECRET"

note

Currently there is a 300 character limit when specifying scopes as part of a token request. Decide on the level of granularity required per client credential with this in mind.

info

Fenergo have not yet moved to a level of granularity at a method level. So .read scopes are aligned to the Query APIs and .write scopes are aligned to the Command APIs read more on scopes here: https://auth0.com/docs/get-started/apis/scopes

Full List of Available Scopes

NameDisplay NameDescription
fenx.agents.readFen-X AI Agents API ReadGives read access to AI Agent models
fenx.agents.writeFen-X AI Agents API WriteGives write access to AI Agent models
fenx.association.readFen-X Association API ReadGives read access to Associations
fenx.association.writeFen-X Association API WriteGives write access to Associations
fenx.authorization.readFen-X Authorization API ReadGives read access to Authorization
fenx.authorization.writeFen-X Authorization API WriteGives write access to Authorization
fenx.changemanagement.readFen-X Change Management API ReadGives read access to Change Management
fenx.changemanagement.writeFen-X Change Management API WriteGives write access to Change Management
fenx.commentsFen-X Comments GraphQL APIGives full access to Comments GraphQL API
fenx.creditassessment.readFen-X Credit Assessment API ReadGives read access to Credit Assessment
fenx.creditassessment.writeFen-X Credit Assessment API WriteGives write access to Credit Assessment
fenx.creditscreening.readFen-X Credit Screening API ReadGives read access to Credit Screening
fenx.creditscreening.writeFen-X Credit Screening API WriteGives write access to Credit Screening
fenx.dashboards.readFen-X Dashboards API ReadGives read access to Dashboards
fenx.datamigration.readFen-X Data Migration API ReadGives read access to Data Migration
fenx.datamigration.writeFen-X Data Migration API WriteGives write access to Data Migration
fenx.digitalidv.readFen-X DigitalId&V API ReadGives read access to DigitalId
fenx.digitalidv.writeFen-X DigitalId&V API WriteGives write access to DigitalId&V
fenx.documents.readFen-X Documents API ReadGives read access to Documents
fenx.documents.writeFen-X Documents API WriteGives write access to Documents
fenx.entitydata.readFen-X Entity Data API ReadGives read access to Entity Data
fenx.entitydata.writeFen-X Entity Data API WriteGives write access to Entity Data
fenx.etl.writeFen-X ETL API Read and WriteGives read and write access to ETL
fenx.eventingressFen-X Event Ingress APIAllows full access to Event Ingress API
fenx.eventnotificationsFen-X Event Notifications APIAllows full access to Event Notifications API
fenx.externalauthentication.readFen-X External Authentication API ReadGives read access to External Authentication
fenx.externalauthentication.writeFen-X External Authentication API WriteGives write access to External Authentication
fenx.externaldata.readFen-X ExternalData API ReadGives read access to ExternalData
fenx.externaldata.writeFen-X ExternalData API WriteGives write access to ExternalData
fenx.financialanalysis.readFen-X Financial Analysis API ReadGives read access to Financial Analysis
fenx.financialanalysis.writeFen-X Financial Analysis API WriteGives write access to Financial Analysis
fenx.journey.readFen-X Journey API ReadGives read access to Journey
fenx.journey.writeFen-X Journey API WriteGives write access to Journey
fenx.localisation.readFen-X Localisation API ReadGives read access to Localisation
fenx.localisation.writeFen-X Localisation API WriteGives write access to Localisation
fenx.lookup.readFen-X Lookup API ReadGives read access to Lookup
fenx.lookup.writeFen-X Lookup API WriteGives write access to Lookup
fenx.outreach.readFen-X Outreach API ReadGives read access to Outreach
fenx.outreach.writeFen-X Outreach API WriteGives writes access to Outreach
fenx.policy.readFen-X Policy API ReadGives read access to Policy
fenx.policy.writeFen-X Policy API WriteGives write access to Policy
fenx.policyexternaladapter.readFen-X Policy External Adapter API ReadGives read access to Policy External Adapter
fenx.policyexternaladapter.writeFen-X Policy External Adapter API WriteGives write access to Policy External Adapter
fenx.portal-tenant.readFen-X Portal Tenant API WriteGives read access to Portal Tenant
fenx.portal-tenant.writeFen-X Portal Tenant API ReadGives write access to Portal Tenant
fenx.product.readFen-X Product API ReadGives read access to Product
fenx.product.writeFen-X Product API WriteGives write access to Product
fenx.reporting.readFen-X Reporting API ReadGives read access to Reporting
fenx.reports.readFen-X Advanced Reporting API ReadGives read access to Advanced Reporting
fenx.reports.writeFen-X Advanced Reporting API WriteGives writes access to Advanced Reporting
fenx.risk.readFen-X Risk API ReadGives read access to Risk models and perform calculations
fenx.risk.writeFen-X Risk API WriteGives writes access to Risk models
fenx.screening.readFen-X Screening API ReadGives read access to Screening
fenx.screening.writeFen-X Screening API WriteGives write access to Screening
fenx.smartdocs.readFen-X Smartdocs API ReadGives read access to IDP models
fenx.smartdocs.writeFen-X Smartdocs API WriteGives write access to IDP models
fenx.tenant.readFen-X Tenant API ReadGives read access to Tenant
fenx.tenant.writeFen-X Tenant API WriteGives write access to Tenant
fenx.transferagency.writeFen-X TransferAgency API WriteGives write access to Transfer Agency
fenx.transferagency.readFen-X TransferAgency API ReadGives read access to Transfer Agency
fenx.businessmetrics.writeFen-X Business Metrics API WriteGives write access to Business Metrics
fenx.businessmetrics.readFen-X Business Metrics API ReadGives read access to Business Metrics
fenx.webhooksWebhooks management APIAllows full access to Webhooks Management API
fenx.allFen-X All APIsGives full access to all Fen-X APIs