More granular OAuth scopes now available


Application developers now have access to more granular scopes, instead of only write:all that gives full read/write access to everything. You can find the list of scopes here:

We will start requiring new applications to use the new scopes in the future.

Note that the now-deprecated "write:all" can still be used for existing apps for the time being, but it is still advised to switch to the new scopes to provide a better user experience.


Users can see an application's granted permissions in its settings.

Migration guide

Existing applications can simply start by requesting the new scopes instead of write:all for their new integrations.

To migrate existing integrations, you should go through the OAuth authorization process again. Note that if you're migrating from a scope which is a superset of the new one (for example migrating from write:all to users:read tickets:read), the user will not be prompted for authorization again, and the whole flow should be automatic.