Get Admin Permissions
| Endpoint | Method |
|---|---|
/api/admin/permissions | GET |
Returns the authenticated token's effective permissions so you can gate UI up front — show or hide buttons, menus and actions without triggering trial-and-error 403 responses.
The response is a one-element array describing the token's access.
Response Fields
| Field | Type | Description |
|---|---|---|
id | string | Identifier of the permissions payload (permissions). |
permissionType | string | One of all, custom, or same_as_web. |
permissions | array | The granted ACL keys, or ["*"] for full access. |
permissionType semantics:
all— full access.permissionsis["*"].custom—permissionslists the explicitly granted ACL keys.same_as_web— the token follows the admin's web role;permissionslists the keys that role currently grants.
In every case the effective permissions are capped by the admin's role — a token can never do more than its owner admin can currently do.
Errors
A request without a valid token returns 401 Unauthorized.
All admin endpoints require an admin Bearer token — see Authentication.

