API Reference
Identity Platform
Access Control

Access Control API

ตรวจสอบสิทธิ์

POST /access/check
Authorization: Bearer <token>
Content-Type: application/json
 
{
  "userId": "usr_xxxx",
  "permission": "console.users.read",
  "context": {
    "orgId": "org_xxxx"
  }
}

Response:

{ "allowed": true }

Target latency: < 50 ms p99.


Permissions

ลงทะเบียน permissions (namespace)

POST /access/permissions
Authorization: Bearer <token>
Content-Type: application/json
 
{
  "namespace": "my-product",
  "permissions": [
    { "key": "my-product.reports.read", "description": "View reports" }
  ]
}

ดู permissions ทั้งหมด

GET /access/permissions?namespace=console&limit=50
Authorization: Bearer <token>

Roles

ดู roles ทั้งหมด

GET /access/roles
Authorization: Bearer <token>

ดู role

GET /access/roles/:id
Authorization: Bearer <token>

สร้าง role

POST /access/roles
Authorization: Bearer <token>
Content-Type: application/json
 
{
  "name": "content-editor",
  "permissions": ["content-os.access", "content-os.calendar.write"]
}

แก้ไข permissions ของ role

PATCH /access/roles/:id
Authorization: Bearer <token>
Content-Type: application/json
 
{
  "permissions": ["content-os.access", "content-os.calendar.read"]
}

ลบ role

DELETE /access/roles/:id
Authorization: Bearer <token>

Assignments

กำหนด role ให้ user

POST /access/assignments
Authorization: Bearer <token>
Content-Type: application/json
 
{
  "userId": "usr_xxxx",
  "roleId": "role_xxxx",
  "context": { "orgId": "org_xxxx" }
}

ดู assignments ของ user

GET /identity/users/:userId/assignments
Authorization: Bearer <token>

ยกเลิก assignment

DELETE /access/assignments/:assignmentId
Authorization: Bearer <token>

Access Control API

Check permission

POST /access/check
Authorization: Bearer <token>
Content-Type: application/json
 
{
  "userId": "usr_xxxx",
  "permission": "console.users.read",
  "context": {
    "orgId": "org_xxxx"
  }
}

Response:

{ "allowed": true }

Target latency: < 50 ms p99.


Permissions

Register permissions (namespace)

POST /access/permissions
Authorization: Bearer <token>
Content-Type: application/json
 
{
  "namespace": "my-product",
  "permissions": [
    { "key": "my-product.reports.read", "description": "View reports" }
  ]
}

List permissions

GET /access/permissions?namespace=console&limit=50
Authorization: Bearer <token>

Roles

List roles

GET /access/roles
Authorization: Bearer <token>

Get role

GET /access/roles/:id
Authorization: Bearer <token>

Create role

POST /access/roles
Authorization: Bearer <token>
Content-Type: application/json
 
{
  "name": "content-editor",
  "permissions": ["content-os.access", "content-os.calendar.write"]
}

Update role permissions

PATCH /access/roles/:id
Authorization: Bearer <token>
Content-Type: application/json
 
{
  "permissions": ["content-os.access", "content-os.calendar.read"]
}

Delete role

DELETE /access/roles/:id
Authorization: Bearer <token>

Assignments

Assign role to user

POST /access/assignments
Authorization: Bearer <token>
Content-Type: application/json
 
{
  "userId": "usr_xxxx",
  "roleId": "role_xxxx",
  "context": { "orgId": "org_xxxx" }
}

List user's assignments

GET /identity/users/:userId/assignments
Authorization: Bearer <token>

Revoke assignment

DELETE /access/assignments/:assignmentId
Authorization: Bearer <token>