diff --git a/netbox/extras/api/serializers_/scripts.py b/netbox/extras/api/serializers_/scripts.py
index a26b5daca..2d450dc8a 100644
--- a/netbox/extras/api/serializers_/scripts.py
+++ b/netbox/extras/api/serializers_/scripts.py
@@ -1,5 +1,5 @@
 from django.core.files.storage import storages
-from django.utils.translation import gettext as _
+from django.utils.translation import gettext_lazy as _
 from drf_spectacular.utils import extend_schema_field
 from rest_framework import serializers
 
@@ -19,7 +19,7 @@ __all__ = (
 
 
 class ScriptModuleSerializer(ValidatedModelSerializer):
-    url = None
+    url = serializers.SerializerMethodField(read_only=True)
     data_source = DataSourceSerializer(nested=True, required=False, allow_null=True)
     data_file = DataFileSerializer(nested=True, required=False, allow_null=True)
     upload_file = serializers.FileField(write_only=True, required=False, allow_null=True)
@@ -28,11 +28,17 @@ class ScriptModuleSerializer(ValidatedModelSerializer):
     class Meta:
         model = ScriptModule
         fields = [
-            'id', 'display', 'file_path', 'upload_file',
+            'id', 'url', 'display', 'file_path', 'upload_file',
             'data_source', 'data_file', 'auto_sync_enabled',
             'created', 'last_updated',
         ]
-        brief_fields = ('id', 'display')
+        brief_fields = ('id', 'url', 'display')
+
+    @extend_schema_field(serializers.URLField())
+    def get_url(self, obj):
+        from rest_framework.reverse import reverse
+        request = self.context.get('request')
+        return reverse('extras-api:script-list', request=request)
 
     def validate(self, data):
         upload_file = data.pop('upload_file', None)
diff --git a/netbox/extras/api/views.py b/netbox/extras/api/views.py
index 8944dc207..ad4bdbe23 100644
--- a/netbox/extras/api/views.py
+++ b/netbox/extras/api/views.py
@@ -267,6 +267,8 @@ class ConfigTemplateViewSet(SyncedDataMixin, ConfigTemplateRenderMixin, NetBoxMo
 
 @extend_schema_view(
     create=extend_schema(request=serializers.ScriptModuleSerializer),
+    update=extend_schema(responses=serializers.ScriptSerializer),
+    partial_update=extend_schema(responses=serializers.ScriptSerializer),
 )
 class ScriptViewSet(ModelViewSet):
     permission_classes = [IsAuthenticatedOrLoginNotRequired]
@@ -311,13 +313,13 @@ class ScriptViewSet(ModelViewSet):
         return Response(serializer.data, status=status.HTTP_201_CREATED)
 
     def update(self, request, *args, **kwargs):
-        if not request.user.has_perm('extras.change_script'):
-            raise PermissionDenied(_("This user does not have permission to modify scripts."))
+        if not request.user.has_perm('extras.change_scriptmodule'):
+            raise PermissionDenied(_("This user does not have permission to modify script modules."))
         return super().update(request, *args, **kwargs)
 
     def destroy(self, request, *args, **kwargs):
-        if not request.user.has_perm('extras.delete_script'):
-            raise PermissionDenied(_("This user does not have permission to delete scripts."))
+        if not request.user.has_perm('extras.delete_scriptmodule'):
+            raise PermissionDenied(_("This user does not have permission to delete script modules."))
         return super().destroy(request, *args, **kwargs)
 
     def _get_script(self, pk):