| CARVIEW |
Select Language
HTTP/2 200
content-type: text/html
date: Thu, 24 Jul 2025 18:13:09 GMT
x-b3-traceid: 0717e0d9391843fdaf5170f6bcd71300
x-b3-spanid: 7fbd897d483eafcd
x-b3-parentspanid: 96cbd0ad13b0cb31
x-b3-sampled: 0
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
set-cookie: _csrf=Od9wu5R0ooVvQ2d5vQnnfBB7; Path=/; HttpOnly; Secure
cache-control: max-age=30, s-maxage=30, stale-while-revalidate=30, stale-if-error=30, no-cache="Set-Cookie"
content-security-policy-report-only: default-src 'self'; base-uri 'self'; font-src 'self' fonts.gstatic.com *.atlassian.com data:; worker-src blob:; media-src 'self' api.media.atlassian.com *.atlassian.com; img-src data: blob: 'self' *.badgen.net *.youtube.com atlassian.wpengine.netdna-cdn.com global.discourse-cdn.com img.shields.io *.atlassian.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat www.gstatic.com *.wp.com cdn.cookielaw.org *.clicktale.net *.doubleclick.net https://googleads.g.doubleclick.net images.ctfassets.net *.public.atl-paas.net trello.com trello-backgrounds.s3.amazonaws.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.google.co.in *.google.com *.atlassian.com *.gravatar.com; frame-src 'self' *.atlassian.com *.atl-paas.net *.googletagmanager.com player.vimeo.com trello.com www.youtube.com www.figma.com; connect-src 'self' *.googletagmanager.com *.algolianet.com *.algolia.net *.clicktale.net *.launchdarkly.com *.trello.com *.doubleclick.net *.qualtrics.com *.onetrust.com *.sentry.io cdn.segment.com api.segment.io www.google-analytics.com cdn.cookielaw.org *.atlassian.com *.algolia.io *.google.com; report-uri https://web-security-reports.services.atlassian.com/csp-report/dac; object-src 'none'; style-src 'self' *.trellocdn.com *.atlassian.com 'unsafe-inline'; script-src 'nonce-G2zqVfnSAeLTfTQLkLLFlo3rXu37J4WH4QKrsNIfQwI=' 'self' 'sha256-Nt9ereHaxV04RZ20OLtdR3uuFr1X0/Pbt5KbGls/wXg=' https://www.googleadservices.com https://player.vimeo.com/api/player.js *.segment.com *.clicktale.net mscgen.js.org *.qualtrics.com *.trellocdn.com *.atlassian.com www.googletagmanager.com www.google-analytics.com https://cdn.cookielaw.org https://cdn.jsdelivr.net/npm/search-insights@2.2.1 https://run.pstmn.io/button.js *.atl-paas.net https://srm.bf.contentsquare.net/exist
server: AtlassianEdge
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
atl-traceid: 0717e0d9391843fdaf5170f6bcd71300
atl-request-id: 0717e0d9-3918-43fd-af51-70f6bcd71300
strict-transport-security: max-age=63072000; preload
report-to: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}
nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}
content-encoding: gzip
x-ratelimit-limit: 400, 400;w=60
x-ratelimit-remaining: 399
x-ratelimit-reset: 51
server-timing: atl-edge;dur=884,atl-edge-internal;dur=14,atl-edge-upstream;dur=872,atl-edge-pop;desc="aws-ap-south-1"
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 13b043a2bcb396a6ddc6a147f4288230.cloudfront.net (CloudFront)
x-amz-cf-pop: MAA51-P2
x-amz-cf-id: CTDqrGrjEVFElI4EBRZhfKXlG9pZGLd5RZyQlKvILiginXTqwsuupg==
Scopes
Support for Server products ended Feb. 15, 2024. Learn what this means for you.
Last updated Dec 8, 2017
Scopes
The HipChat REST API endpoints are safeguarded by API scopes.
Your add-on must declare the scopes it requires based on which API endpoints it needs to use, via its descriptor. For example, an add-on with the following descriptor will be able to use the REST API endpoints to send notification messages to HipChat rooms, and create/archive/manage HipChat rooms:
1 2"capabilities": { "hipchatApiConsumer": { "scopes": [ "send_notification", "manage_rooms" ] } }
When installing your add-on, users are presented with a dialog listing the scopes your add-on requested, and must accept these scopes before the installation continues.
Available scopes
| Scope | Access |
|---|---|
| admin_group | Perform group administrative tasks |
| admin_room | Perform room administrative tasks |
| manage_rooms | Create, update, and remove rooms |
| send_message | Send private one-on-one messages |
| send_notification | Send room notifications |
| view_group | View users, rooms, and other group information |
| view_messages | View messages from chat rooms and private chats you have access to |
| view_room | View room information and participants, but not history |
Rate this page: