Overview

The Permission Introspection API allows you to verify if a user has the necessary permissions to perform specific actions within an organization. This is crucial for implementing fine-grained access control in your application.

Check User Permissions

To check whether a user is allowed to perform an action (permission) in a given organization, use the endpoint below:
curl --request POST \
  --url https://dev-iam.razi.ai/v1/authorization/organizations/21892002/users/21892002900/permissions \
  --header 'Authorization: Bearer YOUR_SECRET_TOKEN' \
  --header 'Content-Type: application/json' \
  --header 'X-App-Name: ' \
  --data '{
  "actions": [
    "read",
    "write"
  ]
}'
The endpoint returns a response containing all the permissions allowed for the user. If the user has no permissions, an empty array is returned.
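Because the endpoint returns the allowed subset rather than a yes/no answer, the caller has to compare that subset against what the operation needs. The following is an added example, not code from this API's documentation or SDK, showing a fail-closed check; the function names are hypothetical, and it assumes the response body is a JSON array of action strings, which the page does not specify.

```python
import json
import urllib.request
from urllib.parse import quote

# Host and path are taken from the curl example above.
BASE_URL = "https://dev-iam.razi.ai/v1/authorization"


def fetch_allowed(org_id, user_id, actions, token, app_name, timeout=5):
    """POST the requested actions; return the decoded JSON response body."""
    # Encode the IDs so a crafted value cannot change the request path.
    url = (f"{BASE_URL}/organizations/{quote(str(org_id), safe='')}"
           f"/users/{quote(str(user_id), safe='')}/permissions")
    req = urllib.request.Request(
        url,
        data=json.dumps({"actions": list(actions)}).encode(),
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json",
                 "X-App-Name": app_name},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


def is_authorized(required, body):
    """True only if every required action is in the returned list."""
    # ASSUMPTION: the body is a JSON array of action strings.
    if not isinstance(body, list):
        return False  # error object or unexpected shape: deny
    granted = {a for a in body if isinstance(a, str)}
    required = set(required)
    # An empty array, or a partial grant such as ["read"] when
    # ["read", "write"] was required, is a denial.
    return bool(required) and required <= granted


def check(org_id, user_id, required, token, app_name, fetch=fetch_allowed):
    """Authorization decision that denies on any transport or parse error."""
    try:
        body = fetch(org_id, user_id, required, token, app_name)
    except (OSError, ValueError):  # network failure, HTTP error, bad JSON
        return False
    return is_authorized(required, body)
```

Call `check(...)` at the point where the action is about to be performed, and load the bearer token from a secret store rather than hard-coding it.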