diff --git a/src/js/client.js b/src/js/client.js
index acb4ae0b8..316a05436 100644
--- a/src/js/client.js
+++ b/src/js/client.js
@@ -767,8 +767,12 @@ angular.module('Application').service('Client', ['$http', '$interval', 'md5', 'N
         }).error(defaultErrorHandler(callback));
     };
 
-    Client.prototype.createTokenByClientId = function (id, expiresAt, callback) {
-        post('/api/v1/oauth/clients/' + id + '/tokens?expiresAt=' + expiresAt).success(function(data, status) {
+    Client.prototype.createTokenByClientId = function (id, scope, expiresAt, callback) {
+        var data = {
+            scope: scope,
+            expiresAt: expiresAt
+        };
+        post('/api/v1/oauth/clients/' + id + '/tokens, data).success(function(data, status) {
             if (status !== 201) return callback(new ClientError(status, data));
             callback(null, data.token);
         }).error(defaultErrorHandler(callback));
diff --git a/src/views/tokens.js b/src/views/tokens.js
index 6e4c7ee2e..db92691d5 100644
--- a/src/views/tokens.js
+++ b/src/views/tokens.js
@@ -116,7 +116,7 @@ angular.module('Application').controller('TokensController', ['$scope', 'Client'
 
             var expiresAt = Date.now() + 100 * 365 * 24 * 60 * 60 * 1000;   // ~100 years from now
 
-            Client.createTokenByClientId(client.id, expiresAt, function (error, result) {
+            Client.createTokenByClientId(client.id, '*' /* scope */, expiresAt, function (error, result) {
                 if (error && error.statusCode === 412) {
                     var actionScope = $scope.$new(true);
                     actionScope.action = '/#/settings';