API tokens have access rights that define the scopes the token has. These scopes can allow calling all, some, or one of the features the platform offers, or they can be limited to simple actions:
| Token scope | Description | |
|---|---|---|
| Features | API Security Audit | The API token allows calling the API Security Audit service to audit the security of APIs. |
| API Conformance Scan | The API token allows calling the API Conformance Scan service to scan that the live API endpoints conform to their API contracts. The same token can be used to run Conformance Scan both in 42Crunch Platform and on premises. | |
| API Protection | The API token allows calling the API Protection service to protect APIs with API Firewall. | |
| Actions | List resources | The API token allows listing resources (such as API collections, APIs, and users) that are present in your organization in 42Crunch Platform. You can also list resource details, such as API collections owned by a particular user. |
| Delete resources | The API token allows deleting resources (such as API collections, APIs, and users) from your organization in the platform, provided that you have sufficient rights to do so. |