Scoped API Permissions

Currently, the Admin API key grants very broad permissions to manage everything on a Ghost site. While this is useful in some cases, it can be risky to give full access to third-party services.

It would be great if we could create scoped API keys to limit the access of each Custom Integration. This would be similar to how GitHub allows scopes for OAuth apps or personal access tokens. For example, I might want to limit an integration to only have read access to posts, or to only be able to create new users.

In my case, I’ve developed an integration (Scrib) which needs to be able to read the full post content of paid posts, which currently requires the Admin key. I’d love a way to limit my service’s access to improve user trust and decrease the blast radius in the event of a compromise.

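To make the request concrete, here is a small worked model of how scoped keys of the kind described above could be enforced. This is an added example, not code from Ghost or from the Scrib integration; the scope names (`posts:read`, `users:create`, and so on), the endpoint table and the key identifiers are all constructed for illustration. The check is deny-by-default: a request is served only if the key holds a scope that covers the operation, and a key cannot be minted with scopes the server does not recognise.

```python
from dataclasses import dataclass

# Constructed scope vocabulary: "<resource>:<action>", with "*" as a wildcard
# on either side. A legacy full-access key is modelled as {"*:*"}.
KNOWN_SCOPES = {
    "posts:read", "posts:write", "posts:delete",
    "users:read", "users:create",
}

# Hypothetical mapping from operation to the scope it requires.
ENDPOINT_SCOPES = {
    ("GET", "/posts"): "posts:read",
    ("POST", "/posts"): "posts:write",
    ("DELETE", "/posts"): "posts:delete",
    ("GET", "/users"): "users:read",
    ("POST", "/users"): "users:create",
}


@dataclass(frozen=True)
class ApiKey:
    key_id: str
    scopes: frozenset


class ScopeError(PermissionError):
    """Raised when a key does not carry the scope an operation needs."""


def validate_scopes(requested):
    """Reject unknown or malformed scopes at key-creation time so a typo
    cannot silently grant (or withhold) access. Wildcards are allowed."""
    for scope in requested:
        if scope.count(":") != 1:
            raise ValueError(f"malformed scope: {scope!r}")
        res, act = scope.split(":")
        if res != "*" and act != "*" and scope not in KNOWN_SCOPES:
            raise ValueError(f"unknown scope: {scope!r}")
        if res == "*" and act != "*":
            # "*:read" would be ambiguous across resources; disallow it.
            raise ValueError(f"unsupported wildcard form: {scope!r}")
    return frozenset(requested)


def make_key(key_id, scopes):
    return ApiKey(key_id=key_id, scopes=validate_scopes(scopes))


def _covers(granted, required):
    g_res, g_act = granted.split(":", 1)
    r_res, r_act = required.split(":", 1)
    return g_res in ("*", r_res) and g_act in ("*", r_act)


def is_allowed(key, required):
    # Deny unless at least one granted scope covers the required one.
    return any(_covers(g, required) for g in key.scopes)


def handle_request(key, method, path):
    """Return an HTTP-style status for a request made with the given key."""
    required = ENDPOINT_SCOPES.get((method, path))
    if required is None:
        return 404
    if not is_allowed(key, required):
        return 403
    return 200


# Constructed keys: a read-only integration key versus a full Admin-style key.
READ_ONLY_KEY = make_key("integration-readonly", {"posts:read"})
ADMIN_KEY = make_key("legacy-admin", {"*:*"})

if __name__ == "__main__":
    for key in (READ_ONLY_KEY, ADMIN_KEY):
        for op in ENDPOINT_SCOPES:
            print(key.key_id, *op, handle_request(key, *op))
```

The useful property to note is the blast-radius reduction the post asks for: if `READ_ONLY_KEY` leaks, the only operation it can perform is `GET /posts`, whereas `ADMIN_KEY` can create users and delete content. Tying each endpoint to an explicit scope also gives an auditable record of what every integration is able to do.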