diff --git a/r2/r2/controllers/api.py b/r2/r2/controllers/api.py
index 09a5a462a..30e97d75e 100755
--- a/r2/r2/controllers/api.py
+++ b/r2/r2/controllers/api.py
@@ -1245,6 +1245,7 @@ class ApiController(RedditController, OAuth2ResourceController):
         sr._commit()
         jquery.refresh()
 
+    @require_oauth2_scope("report")
     @noresponse(VUser(), VModhash(),
                 thing = VByName('id'))
     @api_doc(api_section.links_and_comments)
@@ -2491,6 +2492,7 @@ class ApiController(RedditController, OAuth2ResourceController):
     def POST_read_message(self, things):
         self.unread_handler(things, False)
 
+    @require_oauth2_scope("report")
     @noresponse(VUser(),
                 VModhash(),
                 thing = VByName('id', thing_cls=Link))
@@ -2506,6 +2508,7 @@ class ApiController(RedditController, OAuth2ResourceController):
         if not thing: return
         thing._hide(c.user)
 
+    @require_oauth2_scope("report")
     @noresponse(VUser(),
                 VModhash(),
                 thing = VByName('id'))
diff --git a/r2/r2/models/token.py b/r2/r2/models/token.py
index 1c956d9a0..1397fbf93 100644
--- a/r2/r2/models/token.py
+++ b/r2/r2/models/token.py
@@ -173,6 +173,12 @@ class OAuth2Scope:
             "name": _("Read Content"),
             "description": _("Access posts and comments through my account."),
         },
+        "report": {
+            "id": "report",
+            "name": _("Report content"),
+            "description": _("Report content for rules violations. "
+                             "Hide & show individual submissions."),
+        },
         "save": {
             "id": "save",
             "name": _("Save Content"),