Skip to content

Get Admin Permissions

EndpointMethod
/api/admin/permissionsGET

Returns the authenticated token's effective permissions so you can gate UI up front — show or hide buttons, menus and actions without triggering trial-and-error 403 responses.

The response is a one-element array describing the token's access.

Response Fields

FieldTypeDescription
idstringIdentifier of the permissions payload (permissions).
permissionTypestringOne of all, custom, or same_as_web.
permissionsarrayThe granted ACL keys, or ["*"] for full access.

permissionType semantics:

  • all — full access. permissions is ["*"].
  • custompermissions lists the explicitly granted ACL keys.
  • same_as_web — the token follows the admin's web role; permissions lists the keys that role currently grants.

In every case the effective permissions are capped by the admin's role — a token can never do more than its owner admin can currently do.

Errors

A request without a valid token returns 401 Unauthorized.

All admin endpoints require an admin Bearer token — see Authentication.

Released under the MIT License.