Permissions API
- Base URL: https://permissions.sls.epilot.io
- Full API Docs: https://docs.epilot.io/api/permissions
Usage
// Whole-SDK entry point: authorize() is given a callback that returns the token.
// '<token>' is a placeholder — return a value obtained at runtime (environment,
// secret store, session) rather than committing a literal token to source control.
import { epilot } from '@epilot/sdk'
epilot.authorize(() => '<token>')
// `...` stands for the call arguments; it is not literal syntax.
const { data } = await epilot.permissions.listCurrentRoles(...)
Tree-shakeable import
// Per-API entry point: only the permissions client is imported.
import { getClient, authorize } from '@epilot/sdk/permissions'
const permissionsClient = getClient()
// Here authorize() takes the client explicitly, plus a callback that returns the token.
// '<token>' is a placeholder; supply the real value at runtime, never as a literal in source.
authorize(permissionsClient, () => '<token>')
// `...` stands for the call arguments; it is not literal syntax.
const { data } = await permissionsClient.listCurrentRoles(...)
Operations
Roles
Assignments
Schemas
Grant, GrantWithDependencies, GrantCondition, EqualsCondition, RoleId, BaseRole, BaseRoleForCreate, UserRole, OrgRole, ShareRole, PartnerRole, PortalRole, Role, RolePayload, Assignment, InternalAssignment, OrgAssignments, OrgRoles, Assignments, UserId, OrganizationId, Slug, RoleSearchInput, CreateRolePayload, Error
listCurrentRoles
Returns the roles and grants assigned to the current user
GET /v1/permissions/me
// Takes no arguments; the response carries a `roles` array, each role with its grants.
// NOTE(review): treat the result as informational (display, UI gating) — access is
// presumably enforced by the API itself; confirm before relying on a client-side check.
const { data } = await client.listCurrentRoles()
Response
{
"roles": [
{
"id": "123:owner",
"name": "Owner",
"slug": "owner",
"type": "user_role",
"expires_at": "2028-07-21T17:32:28Z",
"organization_id": "123",
"grants": [
{
"action": "entity-read",
"resource": "entity:123:contact:f7c22299-ca72-4bca-8538-0a88eeefc947",
"effect": "allow",
"conditions": [
{
"attribute": "workflows.primary.task_name",
"operation": "equals",
"values": ["Qualification"]
}
]
}
],
"parent_role": "123:owner"
}
]
}
listAllRoles
Returns the list of all roles in the organization
GET /v1/permissions/roles
// Takes no arguments; the response lists every role together with its full grant set.
// NOTE(review): the page does not say which permission the caller needs for this call —
// confirm before surfacing the result to low-privilege users.
const { data } = await client.listAllRoles()
Response
{
"roles": [
{
"id": "123:owner",
"name": "Owner",
"slug": "owner",
"type": "user_role",
"expires_at": "2028-07-21T17:32:28Z",
"organization_id": "123",
"grants": [
{
"action": "entity-read",
"resource": "entity:123:contact:f7c22299-ca72-4bca-8538-0a88eeefc947",
"effect": "allow",
"conditions": [
{
"attribute": "workflows.primary.task_name",
"operation": "equals",
"values": ["Qualification"]
}
]
}
],
"parent_role": "123:owner"
}
]
}
createRole
Create role
POST /v1/permissions/roles
// The first argument is `null` here, while calls with path parameters pass an object in
// that position (compare putRole) — presumably the parameter slot; confirm against the SDK.
// `{}` is only a placeholder: CreateRolePayload on this page requires name, slug, type
// and grants.
const { data } = await client.createRole(
  null,
  {},
)
Response
{
"id": "123:owner",
"name": "Owner",
"slug": "owner",
"type": "user_role",
"expires_at": "2028-07-21T17:32:28Z",
"organization_id": "123",
"grants": [
{
"action": "entity-read",
"resource": "entity:123:contact:f7c22299-ca72-4bca-8538-0a88eeefc947",
"effect": "allow",
"conditions": [
{
"attribute": "workflows.primary.task_name",
"operation": "equals",
"values": ["Qualification"]
}
]
}
],
"parent_role": "123:owner"
}
searchRoles
Search Roles
POST /v1/permissions/roles:search
// The request body follows RoleSearchInput; every field in it is optional.
const { data } = await client.searchRoles(
  null,
  {
    role_ids: ['123:manager', '456:owner'],
    // The sample spans two organization ids.
    // NOTE(review): the page does not say whether results are restricted to organizations
    // the caller may access — confirm before passing caller-supplied org ids through.
    org_ids: ['123', '456'],
    slugs: ['manager', 'owner'],
    query: 'Administrator',
    // Paging controls; the values shown are samples only.
    limit: 1,
    offset: 1
  },
)
Response
{
"hits": 0,
"results": [
{
"id": "123:owner",
"name": "Owner",
"slug": "owner",
"type": "user_role",
"expires_at": "2028-07-21T17:32:28Z",
"organization_id": "123",
"grants": [
{
"action": "entity-read",
"resource": "entity:123:contact:f7c22299-ca72-4bca-8538-0a88eeefc947",
"effect": "allow",
"conditions": [
{
"attribute": "workflows.primary.task_name",
"operation": "equals",
"values": ["Qualification"]
}
]
}
],
"parent_role": "123:owner"
}
]
}
getRole
Get role by id
GET /v1/permissions/roles/{roleId}
// 'example' is a placeholder; this page documents role ids as <organization_id>:<slug>.
// NOTE(review): roleId becomes part of the request path — pass a validated id rather than
// raw user input; whether the SDK encodes it is not shown on this page.
const { data } = await client.getRole({
  roleId: 'example',
})
Response
{
"id": "123:owner",
"name": "Owner",
"slug": "owner",
"type": "user_role",
"expires_at": "2028-07-21T17:32:28Z",
"organization_id": "123",
"grants": [
{
"action": "entity-read",
"resource": "entity:123:contact:f7c22299-ca72-4bca-8538-0a88eeefc947",
"effect": "allow",
"conditions": [
{
"attribute": "workflows.primary.task_name",
"operation": "equals",
"values": ["Qualification"]
}
]
}
],
"parent_role": "123:owner"
}
putRole
Create or update role
PUT /v1/permissions/roles/{roleId}
// Documented as create-or-update, so calling it with an existing roleId changes a live role.
// NOTE(review): the path roleId ('example') and the body id ('123:owner') differ in this
// sample and the page does not say which one applies — keep them identical in real calls.
const { data } = await client.putRole(
  {
    roleId: 'example',
  },
  {
    id: '123:owner',
    name: 'Owner',
    slug: 'owner',
    type: 'user_role',
    expires_at: '2028-07-21T17:32:28Z',
    organization_id: '123',
    grants: [
      {
        action: 'entity-read',
        // The sample resource string names one specific contact entity.
        resource: 'entity:123:contact:f7c22299-ca72-4bca-8538-0a88eeefc947',
        // The schema marks effect optional and gives no default; state it explicitly.
        effect: 'allow',
        conditions: [
          {
            attribute: 'workflows.primary.task_name',
            operation: 'equals',
            values: ['Qualification']
          }
        ]
      }
    ],
    // The sample value equals the role's own id.
    // NOTE(review): presumably a placeholder — confirm what parent_role should reference.
    parent_role: '123:owner'
  },
)
Response
{
"id": "123:owner",
"name": "Owner",
"slug": "owner",
"type": "user_role",
"expires_at": "2028-07-21T17:32:28Z",
"organization_id": "123",
"grants": [
{
"action": "entity-read",
"resource": "entity:123:contact:f7c22299-ca72-4bca-8538-0a88eeefc947",
"effect": "allow",
"conditions": [
{
"attribute": "workflows.primary.task_name",
"operation": "equals",
"values": ["Qualification"]
}
]
}
],
"parent_role": "123:owner"
}
deleteRole
Delete role by id
DELETE /v1/permissions/roles/{roleId}
// 'example' is a placeholder role id; the documented response is a role object.
// NOTE(review): the page does not say what happens to users still assigned this role —
// review the assignments (listAllAssignments) before deleting.
const { data } = await client.deleteRole({
  roleId: 'example',
})
Response
{
"id": "123:owner",
"name": "Owner",
"slug": "owner",
"type": "user_role",
"expires_at": "2028-07-21T17:32:28Z",
"organization_id": "123",
"grants": [
{
"action": "entity-read",
"resource": "entity:123:contact:f7c22299-ca72-4bca-8538-0a88eeefc947",
"effect": "allow",
"conditions": [
{
"attribute": "workflows.primary.task_name",
"operation": "equals",
"values": ["Qualification"]
}
]
}
],
"parent_role": "123:owner"
}
refreshPermissions
Makes sure the user has a role in the organization
GET /v1/permissions/refresh
// Takes no arguments; no response body is documented on this page.
// NOTE(review): "makes sure the user has a role" suggests this GET may change state
// (assign a role) — confirm, and do not treat it as a read-only call if it does.
const { data } = await client.refreshPermissions()
getAssignedRolesForUser
Get list of assigned roles by user id
GET /v1/permissions/assignments/{userId}
// 'example' is a placeholder user id; the documented response is an array of role ids.
const { data } = await client.getAssignedRolesForUser({
  userId: 'example',
})
Response
["123:owner"]
assignRoles
Assign / unassign roles to users.
PUT /v1/permissions/assignments/{userId}
// The second argument is the list of role ids sent as the PUT body.
// NOTE(review): "Assign / unassign" on a PUT suggests the list is the complete desired set,
// so roles left out would be removed — confirm before sending a partial list.
const { data } = await client.assignRoles(
  {
    userId: 'example',
  },
  ['123:owner'],
)
Response
["123:owner"]
addAssignment
Assign a user to a role.
POST /v1/permissions/assignments/{userId}/{roleId}
// Both ids are path parameters (POST /v1/permissions/assignments/{userId}/{roleId}).
// 'example' values are placeholders; role ids use <organization_id>:<slug> on this page.
// The documented response is an assignment object (user_id plus roles).
const { data } = await client.addAssignment({
  userId: 'example',
  roleId: 'example',
})
Response
{
"user_id": "1",
"roles": ["123:owner"]
}
removeAssignment
Remove role assignment from user
DELETE /v1/permissions/assignments/{userId}/{roleId}
// Both ids are path parameters (DELETE /v1/permissions/assignments/{userId}/{roleId}).
// 'example' values are placeholders.
// The documented response is an assignment object (user_id plus roles).
const { data } = await client.removeAssignment({
  userId: 'example',
  roleId: 'example',
})
Response
{
"user_id": "1",
"roles": ["123:owner"]
}
listAllAssignments
Returns the list of all assignments in the organization
GET /v1/permissions/assignments
// Takes no arguments; each entry in the response pairs a user_id with its role ids,
// which makes this the call to use for an access review of the organization.
const { data } = await client.listAllAssignments()
Response
{
"assignments": [
{
"user_id": "1",
"roles": ["123:owner"]
}
]
}
Schemas
Grant
// One permission rule inside a role.
type Grant = {
  // Required action name; the samples on this page use 'entity-read'.
  action: string
  // Optional. NOTE(review): the page does not define what an omitted resource matches —
  // confirm before assuming the grant is narrow.
  resource?: string
  // Optional. NOTE(review): no default is documented; state "allow" or "deny" explicitly
  // when writing grants.
  effect?: "allow" | "deny"
  // Typed only as object[]; the one condition shape documented on this page is
  // EqualsCondition.
  conditions?: object[]
}
GrantWithDependencies
// A grant plus an optional list of dependent grants.
type GrantWithDependencies = {
  action: string
  resource?: string
  // Optional with no documented default; state it explicitly.
  effect?: "allow" | "deny"
  conditions?: object[]
  // Each dependency carries the same four fields as the grant itself.
  // NOTE(review): the page does not explain how dependencies are applied — presumably they
  // are granted along with the parent; confirm, since they widen what the role allows.
  dependencies?: Array<{
    action: string
    resource?: string
    effect?: "allow" | "deny"
    conditions?: object[]
  }>
}
GrantCondition
// Untyped at this level: any object satisfies it. EqualsCondition is the only concrete
// condition documented on this page, so validate the shape yourself before sending.
type GrantCondition = object
EqualsCondition
Checks whether the attribute equals any of the values
// Condition that matches when the attribute equals any one of `values`.
type EqualsCondition = {
  // Attribute to compare; the samples use a dotted name ('workflows.primary.task_name').
  attribute: string
  // Literal tag; "equals" is the only operation documented on this page.
  operation: "equals"
  // unknown[]: element types are not constrained by the schema.
  // NOTE(review): how non-string values are compared is not stated — confirm.
  values: unknown[]
}
RoleId
Format: <organization_id>:<slug>
// Plain string alias: the <organization_id>:<slug> format is not enforced by the type,
// so check it at runtime before using a value as a role id.
type RoleId = string
BaseRole
// Fields shared by every role variant on this page.
type BaseRole = {
  // Role id; documented format is <organization_id>:<slug>.
  id: string
  name: string
  slug: string
  // Plain string here; the concrete variants narrow it to a literal such as "user_role".
  type: string
  // Optional expiry. NOTE(review): a role without expires_at presumably does not expire —
  // confirm.
  expires_at?: string // date-time
  organization_id: string
  // Same fields as the Grant schema; effect is optional with no documented default.
  grants: Array<{
    action: string
    resource?: string
    effect?: "allow" | "deny"
    conditions?: object[]
  }>
}
BaseRoleForCreate
// BaseRole with id and organization_id made optional.
type BaseRoleForCreate = {
  // Optional on create; presumably derived by the service when omitted — confirm.
  id?: string
  name: string
  slug: string
  type: string
  expires_at?: string // date-time
  // Optional on create.
  // NOTE(review): the page does not say whether a caller-supplied organization_id is
  // checked against the caller's own organization — confirm.
  organization_id?: string
  // Same fields as the Grant schema; effect is optional with no documented default.
  grants: Array<{
    action: string
    resource?: string
    effect?: "allow" | "deny"
    conditions?: object[]
  }>
}
UserRole
// Role variant tagged "user_role"; adds parent_role to the base fields.
type UserRole = {
  id: string
  name: string
  slug: string
  type: "user_role"
  expires_at?: string // date-time
  organization_id: string
  // Same fields as the Grant schema; effect is optional with no documented default.
  grants: Array<{
    action: string
    resource?: string
    effect?: "allow" | "deny"
    conditions?: object[]
  }>
  // Typed as object, but the sample responses on this page show a role-id string
  // ("123:owner"). NOTE(review): confirm the real shape before parsing it.
  parent_role?: object
}
OrgRole
// Role variant tagged "org_role"; adds pricing_tier to the base fields.
type OrgRole = {
  id: string
  name: string
  slug: string
  type: "org_role"
  expires_at?: string // date-time
  organization_id: string
  // Same fields as the Grant schema; effect is optional with no documented default.
  grants: Array<{
    action: string
    resource?: string
    effect?: "allow" | "deny"
    conditions?: object[]
  }>
  // Optional free-form string; allowed values are not listed on this page.
  pricing_tier?: string
}
ShareRole
// Role variant tagged "share_role"; no fields beyond the base set.
type ShareRole = {
  id: string
  name: string
  slug: string
  type: "share_role"
  expires_at?: string // date-time
  organization_id: string
  // Same fields as the Grant schema; effect is optional with no documented default.
  grants: Array<{
    action: string
    resource?: string
    effect?: "allow" | "deny"
    conditions?: object[]
  }>
}
PartnerRole
// Role variant tagged "partner_role"; adds partner_org_id and a user limit.
type PartnerRole = {
  id: string
  name: string
  slug: string
  type: "partner_role"
  expires_at?: string // date-time
  organization_id: string
  // Same fields as the Grant schema; effect is optional with no documented default.
  grants: Array<{
    action: string
    resource?: string
    effect?: "allow" | "deny"
    conditions?: object[]
  }>
  // Typed as object although the name suggests an id.
  // NOTE(review): confirm the expected shape before reading or writing it.
  partner_org_id?: object
  // Optional number; how the limit is enforced is not described on this page.
  vendor_enforced_user_limit?: number
}
PortalRole
// Role variant tagged "portal_role"; no fields beyond the base set.
type PortalRole = {
  id: string
  name: string
  slug: string
  type: "portal_role"
  expires_at?: string // date-time
  organization_id: string
  // Same fields as the Grant schema; effect is optional with no documented default.
  grants: Array<{
    action: string
    resource?: string
    effect?: "allow" | "deny"
    conditions?: object[]
  }>
}
Role
// Union of the five role variants; the literal `type` field tells them apart, so switch on
// it before reading variant-only fields (parent_role, pricing_tier, partner_org_id, ...).
// In every variant `grants` has the same fields as the Grant schema, and effect is
// optional with no documented default.
type Role = {
  // Variant: user_role.
  id: string
  name: string
  slug: string
  type: "user_role"
  expires_at?: string // date-time
  organization_id: string
  grants: Array<{
    action: string
    resource?: string
    effect?: "allow" | "deny"
    conditions?: object[]
  }>
  // Typed as object, but the sample responses on this page show a role-id string.
  // NOTE(review): confirm the real shape before parsing it.
  parent_role?: object
} | {
  // Variant: org_role.
  id: string
  name: string
  slug: string
  type: "org_role"
  expires_at?: string // date-time
  organization_id: string
  grants: Array<{
    action: string
    resource?: string
    effect?: "allow" | "deny"
    conditions?: object[]
  }>
  pricing_tier?: string
} | {
  // Variant: share_role.
  id: string
  name: string
  slug: string
  type: "share_role"
  expires_at?: string // date-time
  organization_id: string
  grants: Array<{
    action: string
    resource?: string
    effect?: "allow" | "deny"
    conditions?: object[]
  }>
} | {
  // Variant: partner_role.
  id: string
  name: string
  slug: string
  type: "partner_role"
  expires_at?: string // date-time
  organization_id: string
  grants: Array<{
    action: string
    resource?: string
    effect?: "allow" | "deny"
    conditions?: object[]
  }>
  // Typed as object although the name suggests an id — NOTE(review): confirm the shape.
  partner_org_id?: object
  vendor_enforced_user_limit?: number
} | {
  // Variant: portal_role.
  id: string
  name: string
  slug: string
  type: "portal_role"
  expires_at?: string // date-time
  organization_id: string
  grants: Array<{
    action: string
    resource?: string
    effect?: "allow" | "deny"
    conditions?: object[]
  }>
}
RolePayload
// Payload carrying only a list of grants, each with optional dependencies.
type RolePayload = {
  grants?: Array<{
    action: string
    resource?: string
    // Optional with no documented default; state it explicitly.
    effect?: "allow" | "deny"
    conditions?: object[]
    // `{ ... }` below is the documentation's truncation marker, not TypeScript syntax;
    // GrantWithDependencies on this page spells the same four fields out in full.
    dependencies?: Array<{
      action: { ... }
      resource?: { ... }
      effect?: { ... }
      conditions?: { ... }
    }>
  }>
}
Assignment
A role attached to a user
// Pairs a user with the role ids attached to it; both fields are optional in the schema,
// so check for their presence before use.
type Assignment = {
  // snake_case here; InternalAssignment uses userId for the same concept.
  user_id?: string
  // Role ids; documented format is <organization_id>:<slug>.
  roles?: string[]
}
InternalAssignment
A role attached to a user
// Same content as Assignment but with a camelCase key; do not mix the two shapes when
// reading responses.
type InternalAssignment = {
  userId?: string
  // Role ids; documented format is <organization_id>:<slug>.
  roles?: string[]
}
OrgAssignments
All roles attached to the users of an organization
// Assignments grouped under one organization; every field is optional in the schema.
type OrgAssignments = {
  organizationId?: string
  // Entries have the InternalAssignment shape (camelCase userId plus role ids).
  assignments?: Array<{
    userId?: string
    roles?: string[]
  }>
}
OrgRoles
All roles attached to the users of an organization
// Roles grouped under one organization. Each entry is one of the five role variants,
// told apart by the literal `type` field.
// `{ ... }` inside `grants` is the documentation's truncation marker, not TypeScript
// syntax; the Grant schema on this page lists those four fields in full.
type OrgRoles = {
  organizationId?: string
  roles?: Array<{
    // Variant: user_role.
    id: string
    name: string
    slug: string
    type: "user_role"
    expires_at?: string // date-time
    organization_id: string
    grants: Array<{
      action: { ... }
      resource?: { ... }
      effect?: { ... }
      conditions?: { ... }
    }>
    // Typed as object, but the sample responses on this page show a role-id string.
    // NOTE(review): confirm the real shape before parsing it.
    parent_role?: object
  } | {
    // Variant: org_role.
    id: string
    name: string
    slug: string
    type: "org_role"
    expires_at?: string // date-time
    organization_id: string
    grants: Array<{
      action: { ... }
      resource?: { ... }
      effect?: { ... }
      conditions?: { ... }
    }>
    pricing_tier?: string
  } | {
    // Variant: share_role.
    id: string
    name: string
    slug: string
    type: "share_role"
    expires_at?: string // date-time
    organization_id: string
    grants: Array<{
      action: { ... }
      resource?: { ... }
      effect?: { ... }
      conditions?: { ... }
    }>
  } | {
    // Variant: partner_role.
    id: string
    name: string
    slug: string
    type: "partner_role"
    expires_at?: string // date-time
    organization_id: string
    grants: Array<{
      action: { ... }
      resource?: { ... }
      effect?: { ... }
      conditions?: { ... }
    }>
    partner_org_id?: object
    vendor_enforced_user_limit?: number
  } | {
    // Variant: portal_role.
    id: string
    name: string
    slug: string
    type: "portal_role"
    expires_at?: string // date-time
    organization_id: string
    grants: Array<{
      action: { ... }
      resource?: { ... }
      effect?: { ... }
      conditions?: { ... }
    }>
  }>
}
Assignments
List of role ids attached to a user
// Array of role ids (documented format <organization_id>:<slug>); this is the shape of
// the assignRoles request body and response on this page.
type Assignments = string[]
UserId
Id of a user
// Opaque string at the type level; the page gives no format, so nothing is validated here.
type UserId = string
OrganizationId
Id of an organization
// Opaque string at the type level; it is also the prefix of every role id
// (<organization_id>:<slug>).
type OrganizationId = string
Slug
Slug of a role; for a role with id = 123:manager, 123 is the org_id and manager is the slug
// Plain string alias; allowed characters are not specified on this page.
// NOTE(review): a slug containing ':' would make <organization_id>:<slug> ambiguous —
// confirm what the service accepts.
type Slug = string
RoleSearchInput
// Request body of searchRoles; every field is optional.
type RoleSearchInput = {
  role_ids?: string[]
  // NOTE(review): the page does not say whether results are limited to organizations the
  // caller may access — confirm before passing caller-supplied ids through.
  org_ids?: string[]
  slugs?: string[]
  // Free-text query; the sample on this page searches for 'Administrator'.
  query?: string
  // Paging controls; defaults and maximum are not documented here.
  limit?: number
  offset?: number
}
CreateRolePayload
// Request body of createRole: grants, name, slug and type are required.
type CreateRolePayload = {
  // Same fields as the Grant schema; effect is optional with no documented default,
  // so state "allow" or "deny" explicitly.
  grants: Array<{
    action: string
    resource?: string
    effect?: "allow" | "deny"
    conditions?: object[]
  }>
  // Optional on create; presumably derived by the service when omitted — confirm.
  id?: string
  name: string
  slug: string
  // Plain string; the role variants on this page use literals such as "user_role".
  type: string
  expires_at?: string // date-time
  // Optional on create.
  // NOTE(review): the page does not say whether a caller-supplied organization_id is
  // checked against the caller's own organization — confirm.
  organization_id?: string
}
Error
Error response
// Error response body. Declared under the name `Error`, so inside a module that declares
// or imports it unqualified this type hides the built-in Error type.
type Error = {
  // Human-readable message; no error code field is documented on this page.
  message: string
}