Permissions

GET /api/v1/permissions
Query Parameters
Response — resolve
Response — list
POST /api/v1/permissions
Request Body
Response (201)

The Permissions API provides fine-grained RBAC capabilities beyond the base roles (viewer, editor, admin). It supports custom roles with specific permission sets.

GET /api/v1/permissions

List all available permissions or resolve the current user’s effective permissions.

Query Parameters

Parameter	Type	Required	Description
`action`	string	No	`list` to list all permissions, `resolve` to get current user’s permissions (default: `resolve`)

Response — `resolve`

{
  "role": "editor",
  "userId": "user_abc123",
  "permissions": [
    "offers.read",
    "offers.write",
    "channels.read",
    "channels.write",
    "decision_flows.read",
    "decision_flows.write"
  ],
  "totalPermissions": 6
}

Response — `list`

{
  "permissions": [
    "offers.read",
    "offers.write",
    "offers.delete",
    "channels.read",
    "channels.write",
    "decision_flows.read",
    "decision_flows.write",
    "decision_flows.publish",
    "users.manage",
    "settings.manage"
  ]
}

POST /api/v1/permissions

Assign a custom role to a user. Admin only.

Request Body

Field	Type	Required	Description
`userId`	string	Yes	User ID to assign the role to
`roleId`	string	Yes	Custom role ID

Response (201)

{
  "id": "clx...",
  "userId": "user_abc123",
  "roleId": "role_marketing_editor",
  "tenantId": "my-tenant"
}

Users API API Keys

⌘I

Overview

Core APIs

Studio

Data

Algorithms

Content & Metrics

Orchestration

Customers & Traces

Events & Attribution

Analytics

AI

Testing & Simulation

Export & Import

Admin

GET /api/v1/permissions

Query Parameters

Response — `resolve`

Response — `list`

POST /api/v1/permissions

Request Body

Response (201)

Overview

Core APIs

Studio

Data

Algorithms

Content & Metrics

Orchestration

Customers & Traces

Events & Attribution

Analytics

AI

Testing & Simulation

Export & Import

Admin

​GET /api/v1/permissions

​Query Parameters

​Response — resolve

​Response — list

​POST /api/v1/permissions

​Request Body

​Response (201)

GET /api/v1/permissions

Query Parameters

Response — `resolve`

Response — `list`

POST /api/v1/permissions

Request Body

Response (201)