1. Go to Authorize > API Services, and click the API service that you want to edit.
  2. To edit service settings, click the More Options (⋮) icon next to the API service name, and then select Edit :
    1. Change the Name or the Base URLs.
    2. Click Save.
  3. To add an operation, click the Operations tab, and then click Define Operation. Complete settings to define the operation.
  4. To edit an operation, click the Operations tab, click the More Options (⋮) icon next to the operation name, and then select Edit Operation:
    1. Change Methods, Paths, or the operation Name.
    2. In Access Rules, change the Groups that are granted access to the operation, or the scopes that must be authorized, and then click Save.
      Screen capture showing the groups and scopes basic access rules.
  5. To edit the API service’s authorized scopes, on the Advanced tab, click the Pencil icon.

    Scopes determine the resources that a client can access.

    Note:

    The Advanced tab is not available when user directory services and access token validation are managed externally. In this case, use your external provider, such as PingFederate, to configure authorized scopes.

    1. Change a scope Name or Description.
    2. To add a scope, click +Add, and then enter a Name and Description for the scope.
    3. To remove a scope, click the Delete icon next to the description.
    4. Click Save.
  6. To configure the access token for the API service:
    1. On the Advanced tab, click Configure Access Token.
    2. Edit the scopes assigned to the resource.

      For more information, see Editing a resource.

    3. Click Save.
  7. To edit custom policies for the API service, go to Authorize > Policies, and select the policy in the API Access Management policy tree.

    You can edit any of the policies that are nested under Custom policy sets.

  8. Update the policy, and then click Save changes.