Add scopes to an existing API token without regenerating it
in progress (now)
Taylor Jennings
Let admins grant new permissions or endpoint scopes to an existing API token in place, without generating a replacement token. Today, when new API endpoints or permission scopes are released, an existing token can't pick them up, so teams have to create a brand-new token and swap it everywhere it's used.
For service and agent integrations that authenticate with a static key (where an interactive OAuth flow isn't an option), this swap is expensive: it means a change request to the third-party vendor holding the token, their development and sequencing time, and an SLA wait, every time a scope is added. In-place scope updates would remove the rotation cycle and let integrations gain access to newly released endpoints without downtime or vendor turnaround.
Jonathan Gittins
updated the status to
in progress (now)