AccessTokenScope
Ability set granted to a minted API token. api-key = read-only across all resources (*:read); api-secret = read + write across all resources (create/modify workflows, datasets and entries, and provision service accounts); unrestricted = all abilities (*). Note: unrestricted is NOT accepted by the service-account token-minting endpoint. A read-only api-key token can run/read an existing agent, but cannot create or modify resources — server-to-server integrations that provision or edit resources need api-secret.
Ability set granted to a minted API token. api-key = read-only across all resources (*:read); api-secret = read + write across all resources (create/modify workflows, datasets and entries, and provision service accounts); unrestricted = all abilities (*). Note: unrestricted is NOT accepted by the service-account token-minting endpoint. A read-only api-key token can run/read an existing agent, but cannot create or modify resources — server-to-server integrations that provision or edit resources need api-secret.
Possible values: [api-key, api-secret, unrestricted]
"api-key"