More granular OAuth scope for cards

[stevebissett]

The scoping on cards is currently a single scope for all card functionality.

There are essentially 2 - 3 smaller scopes:

• Retrieve (GET) - Retrieve cards, code functions, logs of executions with transaction info, etc.
• Retrieve sensitive info (GET) - Retrieve card info with full card numbers, expiry, CVV, etc.
• Updating of code (POST) - Updating function code, publishing code, changing variables.

For security purposes, it would be useful to have more granular scoping so that read-only access can be differentiated from publishing new code etc.

(Currently, I am using the cards API only to retrieve execution logs and hence being able to update and publish code is an unnecessary security risk).

[neilwithers]

Hi @stevebissett

Thanks for the suggestion. We'll have a look at what we can do and get back to you asap.

[neilwithers]

Hi @stevebissett

We have added this to our backlog. We will chat to you when we have an update.