Scopes/Permissions/Resource Servers API documentation - PATCH

I’d like to point out that the documentation for PATCH on the /api/v2/resource-servers/{id} endpoint requires further clarification.

As I’ve experienced, and as pointed out in this topic:

…it is very easy to miss the fact that PATCH will replace/overwrite ALL of the Resource Server’s scopes/permissions.

I had to spend the entire day setting up what was lost due to a single API request, which I thought would append a single Permission to an existing API.

I believe the documentation should either warn about this behavior in large, bold font, or the API behavior should be changed to what some might consider the “expected behavior”.

If PATCH's behavior is as intended, maybe Auth0 should consider adding an API endpoint that only appends a permission/scope to an existing set of scopes for a certain API.

I find it a bit odd that I am required to first fetch all existing scopes, append my new scope to the list, and then issue a PATCH request.

Am I alone here? Doesn’t this seem like the more common scenario?

In case it helps anyone, here’s how I ended up doing it using a shell script:

Hopefully Auth0 will add an “append” method to the API in the future.
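The fetch, merge, PATCH sequence described in this thread, as an added example (it is not the poster's shell script, which is not on the page, and not Auth0's code). The `fake_tenant` stand-in, the sample scopes and the placeholder domain, token and API id are constructed for illustration so the block runs offline; `http_call` is the transport for a real tenant.

```python
import json
import urllib.parse
import urllib.request


def merge_scopes(existing, additions):
    """Union of two scope lists keyed on 'value'; existing entries win on conflict."""
    merged = {s["value"]: dict(s) for s in existing}
    for s in additions:
        merged.setdefault(s["value"], dict(s))
    return list(merged.values())


def http_call(method, url, token, body=None):
    """Minimal Management API transport: bearer token, JSON in and out."""
    data = None if body is None else json.dumps(body).encode()
    req = urllib.request.Request(url, data=data, method=method, headers={
        "Authorization": f"Bearer {token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def append_scopes(domain, token, api_id, additions, call=http_call):
    """GET current scopes, PATCH the merged list, then verify nothing was lost."""
    quoted_id = urllib.parse.quote(api_id, safe="")
    url = f"https://{domain}/api/v2/resource-servers/{quoted_id}"
    before = call("GET", url, token).get("scopes") or []
    # PATCH replaces the whole 'scopes' array, so send every scope to keep.
    body = {"scopes": merge_scopes(before, additions)}
    after = call("PATCH", url, token, body).get("scopes") or []
    lost = {s["value"] for s in before} - {s["value"] for s in after}
    if lost:
        raise RuntimeError(f"scopes missing after PATCH: {sorted(lost)}")
    return after


def fake_tenant(scopes):
    """Constructed in-memory stand-in for the endpoint: PATCH overwrites 'scopes'."""
    state = {"scopes": list(scopes)}

    def call(method, url, token, body=None):
        if method == "PATCH":
            state["scopes"] = body["scopes"]
        return dict(state)
    return call


if __name__ == "__main__":
    # Constructed sample data; domain, token and API id are placeholders.
    tenant = fake_tenant([{"value": "read:orders", "description": "Read orders"},
                          {"value": "write:orders", "description": "Write orders"}])
    new = [{"value": "delete:orders", "description": "Delete orders"}]
    print(append_scopes("example.invalid", "TOKEN", "API_ID", new, call=tenant))
```

The read and the write are separate requests, so a scope added by someone else between them would still be overwritten; the check after the PATCH only confirms that the scopes seen by the GET survived.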