API Permissions Reference
Permission strings for each endpoint
What it is
API keys require specific permissions to access each endpoint. This reference lists the permission string for every API route.
Permission format
{resource}.{action} where resource = first path segment (e.g. clients), action = read, create, update, or delete.
Full permission table
| Endpoint | Method | Permission |
|---|---|---|
| /clients | GET | clients.read |
| /clients | POST | clients.create |
| /clients/{id} | GET | clients.read |
| /clients/{id} | PUT | clients.update |
| /clients/{id} | DELETE | clients.delete |
| /products | GET, POST | products.read, products.create |
| /products/pricing | GET | products.read |
| /products/{id} | GET, PUT, DELETE | products.read, products.update, products.delete |
| /services | GET, POST | services.read, services.create |
| /services/{id} | GET, PUT, DELETE | services.read, services.update, services.delete |
| /services/{id}/provision, suspend, unsuspend, terminate | POST | services.update |
| /invoices | GET, POST | invoices.read, invoices.create |
| /invoices/{id} | GET, PUT | invoices.read, invoices.update |
| /invoices/{id}/pay | POST | invoices.update |
| /payments | GET, POST | payments.read, payments.create |
| /servers | GET, POST, PUT, DELETE | servers.read, servers.create, etc. |
| /api-keys | GET, POST, PUT, DELETE, revoke, rotate | api-keys.* |
| /webhooks | GET, POST, PUT, DELETE | webhooks.* |
| /audit-log | GET | audit-log.read |
Wildcards
Use client.* for all client operations, or * for full access.
Was this helpful?