<!--IssueSummary start--> <details> <summary> Everyone can contribute. [Help move this issue forward](https://handbook.gitlab.com/handbook/marketing/developer-relations/contributor-success/community-contributors-workflows/#contributor-links) while earning points, leveling up and collecting rewards. </summary> - [Close this issue](https://contributors.gitlab.com/manage-issue?action=close&projectId=278964&issueIid=31619) </details> <!--IssueSummary end--> ### Problem to solve Allow developers and companies to build applications that hit the Gitlab API without seeing every single group/project. Right now the only way to develop any helper scripts or apps that need to download or interact with Gitlab have overly broad scope which is a security nightmare. API access should be able to be restricted to a user's account, a group or even just select repositories. ### Intended users Companies that are on Gitlab.com and allow developers to use private Gitlab accounts to work in company groups. Developers that are security conscious and don't want to build applications that interact with Gitlab with more permissions than required. ### Further details Main benefit is reduced security risks for developers and companies integrating with the Gitlab API. <!-- Include use cases, benefits, and/or goals (contributes to our vision?) --> ### Proposal <!-- How are we going to solve the problem? Try to include the user journey! https://about.gitlab.com/handbook/journeys/#user-journey --> ### Permissions and Security <!-- What permissions are required to perform the described actions? Are they consistent with the existing permissions as documented for users, groups, and projects as appropriate? Is the proposed behavior consistent between the UI, API, and other access methods (e.g. email replies)? --> ### Documentation <!-- See the Feature Change Documentation Workflow https://docs.gitlab.com/ee/development/documentation/feature-change-workflow.html Add all known Documentation Requirements here, per https://docs.gitlab.com/ee/development/documentation/feature-change-workflow.html#documentation-requirements --> ### Testing <!-- What risks does this change pose? How might it affect the quality of the product? What additional test coverage or changes to tests will be needed? Will it require cross-browser testing? See the test engineering process for further help: https://about.gitlab.com/handbook/engineering/quality/test-engineering/ --> ### What does success look like, and how can we measure that? <!-- Define both the success metrics and acceptance criteria. Note that success metrics indicate the desired business outcomes, while acceptance criteria indicate when the solution is working correctly. If there is no way to measure success, link to an issue that will implement a way to measure this. --> ### Links / references Related Issue that would solve a little of this: gitlab-ce#59336 Original place I submitted this issue: gitlab-ce#67006