Get permissions associated with an access token.
Returns authorization-related information for the specified access token. This endpoint can be used by authorizers to determine whether a user is allowed to access an API or not. It can also be used by GUI portals to provide a better user experience by hiding pages and buttons the user is not allowed to access.

REST API authorizers should make use of the `permissions` property, which contains permissions grouped by resource. API authorizers must find the permissions associated with their own resource and check for the presence of any required permissions when authorizing users. Permissions belonging to other resources should be discarded.

The `solutions` property determines which solutions a user has access to and depends on which domain the user belongs to. REST API authorizers may combine specific `permissions` with `solutions` when determining whether a user is allowed to access an endpoint or not.

GUI portal implementations wishing to provide a better UX can use the values present in `solutions`, `roles`, and/or `accessRights` to lock down functionality and hide content the user is not allowed to view. Note that this should be viewed as a UX improvement and NOT a substitute for API authorization checks. An API must always implement authorization checks based on which `permissions` a user has.

Caching this response is encouraged, but not for too long. Refer to the relevant security guidelines when determining the cache time-to-live.
If the token is invalid (e.g. if it has been revoked or expired) then a 401 response will be returned.
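An added example (not part of this documentation or the API's own code) of how a REST API authorizer would consume this response: it looks only at the `permissions` entry for its own resource, discards other resources, optionally requires a solution, and treats a 401 (passed here as `None`) as a denial. The response body and the resource name `iot-complete-resource` are constructed sample values.

```python
from typing import Any, Dict, Optional, Set

# Constructed sample body of a 200 reply from the token-permissions endpoint.
SAMPLE_RESPONSE: Dict[str, Any] = {
    "domainId": "abcd1234-efgh1234",
    "roles": ["Subscription ordering"],
    "accessRights": ["device-ordering"],
    "solutions": ["iot-complete"],
    "permissions": {
        "user-management-resource": ["domains-read"],
        "iot-complete-resource": ["subscription-monitoring"],
    },
}


def authorize(
    response: Optional[Dict[str, Any]],
    resource: str,
    required: Set[str],
    required_solution: Optional[str] = None,
) -> bool:
    """Return True only if the token grants every permission in `required`
    for `resource` (and, if given, access to `required_solution`).

    `response` is the parsed JSON body of a 200 reply. Pass None when the
    endpoint answered 401 (invalid, revoked or expired token)."""
    if response is None:
        return False  # invalid token: always deny

    # Keep only the permissions for our own resource; everything else is
    # another API's business and must not influence this decision.
    granted = set(response.get("permissions", {}).get(resource, []))

    # Fail closed on an empty requirement set: an endpoint with nothing to
    # check is a misconfiguration, not an open door.
    if not required or not required.issubset(granted):
        return False

    # Optionally combine the permission check with a solution check.
    if required_solution is not None:
        if required_solution not in response.get("solutions", []):
            return False

    return True
```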
Responses
- 200: Contains all kinds of permissions associated with the access token. Content type: application/json.

Schema
- domainId string
  Hierarchical identifier for a domain. Used to identify which domain a user belongs to and whether a user has access to a domain.
- roles string[]
  Contains a list of roles. Only the role's name is displayed.
- accessRights string[]
  Contains a list of access rights. Only the access right's name is listed.
- solutions string[]
  Contains a list of solutions.
- permissions object
  Permissions sorted by the resource they belong to. Each property is named after a resource and holds a string[] whose items are the names of the permissions granted for that resource.
Example (from schema):

```json
{
  "domainId": "abcd1234-efgh1234",
  "roles": [
    "Subscription ordering"
  ],
  "accessRights": [
    "device-ordering"
  ],
  "solutions": [
    "iot-complete"
  ],
  "permissions": {
    "user-management-resource": [
      "domains-read"
    ],
    "iot-complete-resource": [
      "subscription-monitoring"
    ]
  }
}
```
- 401: Invalid or missing access token (JWT).