> ## Documentation Index
> Fetch the complete documentation index at: https://docs.semgrep.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Web API error 404 and token scopes

If you receive a 404 error from the [Semgrep Web API](/api-reference/Introduction), and you are sure the deployment, API endpoint, and other details are correct, you may be trying to use a token that does not have the **Web API** scope assigned.

Semgrep AppSec Platform supports two primary token scopes: **Agent (CI)** and **Web API**. See [Token scopes](/deployment/tokens#token-scopes) for details of their permissions.

Tokens with only the **Agent (CI)** scope can connect scans with the platform to request rules, send findings, and post PR/MR comments, but they cannot use the Web API. They are intended for use locally or in CI.

## Add scopes to a token

You must be an `admin` to perform this operation. Member users cannot access tokens in the Semgrep AppSec Platform.

<Steps>
  <Step>
    Log in to Semgrep AppSec Platform and navigate to [**Settings > Tokens**](https://semgrep.dev/orgs/-/settings/tokens/).
  </Step>

  <Step>
    Identify the related token, and click the <Icon icon="pen-to-square" iconType="regular" /> icon to edit the token.
  </Step>

  <Step>
    Click **Web API** under **Token scopes**.
  </Step>
</Steps>

If the token does not appear in the **API Tokens** section, it is a Member-scoped CLI token whose permissions cannot be escalated. Create a new token on the Settings page instead, and make sure to check the **Web API** box.