Get the list of available permissions
System Permissions
List System Permissions
Returns a list of all available system permissions.
By default, permissions are grouped by category (e.g., admin, user-management, ticketing).
If the noGrouping query parameter is set to true, the endpoint returns a flat array instead.
⚠️ This endpoint replaces the legacy
/api-keys/scopesroute.Accessible only to admin users.
GET
Get the list of available permissions
Returns a list of all available system permissions. By default, permissions are grouped by category (e.g., admin, user-management, ticketing). If the
noGrouping query parameter is set to true, the endpoint returns a flat array instead. This endpoint replaces the legacy /api-keys/scopes route and is accessible only to admin users.
Request
Headers
| Name | Type | Required | Description |
|---|---|---|---|
| Authorization | string | Yes | Bearer token |
Query Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| noGrouping | boolean | No | Return flat array instead of grouped by category |
Parameter Details
- noGrouping: Default
false - When
false: Returns permissions grouped by category - When
true: Returns permissions as a flat array
Response
200 OK - Successfully retrieved permissions list (grouped)
200 OK - Successfully retrieved permissions list (flat array)
401 Unauthorized
403 Forbidden
500 Internal Server Error
Examples
Get grouped permissions (default)
Get flat array of permissions
Data Fields Explained
Permission Object
| Field | Type | Description |
|---|---|---|
| permission | string | Permission identifier (e.g., “users.view”) |
| description | string | Human-readable description of permission |
| category | string | Permission category for grouping |
Permission Categories
Admin
| Permission | Description |
|---|---|
| * | All permissions - Full system access |
User Management
| Permission | Description |
|---|---|
| users.manage | Create, update, or delete user accounts |
| users.view | View user profiles and information |
| users.permissions | Manage user permissions and roles |
Ticketing
| Permission | Description |
|---|---|
| tickets.view | View tickets in the helpdesk system |
| tickets.manage | Create, update, or delete tickets |
| tickets.export | Export ticket data and reports |
Departments
| Permission | Description |
|---|---|
| departments.view | View department information and hierarchy |
| departments.manage | Create, update, or delete departments |
| departments.assign | Assign users to departments and manage roles |
Email Meter
| Permission | Description |
|---|---|
| email-meter.view | View email analytics and statistics |
| email-meter.export | Export email analytics data |
Transcription
| Permission | Description |
|---|---|
| transcription.view | View audio transcriptions |
| transcription.manage | Create, update, or delete transcriptions |
Use Cases
- Role Management: Build user role assignment interfaces
- Access Control: Implement permission-based access control
- Admin Panels: Create admin permission management tools
- API Documentation: Document available system permissions
- Security Auditing: Review and audit system permissions
Implementation Examples
React Permission Selector Component
Permission Validation Middleware
Permission Tree Component
Best Practices
- Caching: Cache permission data for user sessions
- Admin Only: Ensure only admin users can access this endpoint
- Error Handling: Handle 403 errors for non-admin users
- Performance: Use flat array for better performance with many permissions
- Security: Validate permissions on both client and server side
Security Considerations
- Admin Access: This endpoint should only be accessible to admin users
- Permission Validation: Always validate permissions on server side
- Token Security: Ensure JWT tokens are properly validated
- Audit Logging: Log permission access for security auditing
Related Endpoints
- Use
/users/add-permissionsto assign permissions to users - Use
/users/remove-permissionsto remove permissions from users - Use
/auth/validate-sessionto check current user permissions
Notes
- Replaces legacy
/api-keys/scopesendpoint - Permissions are hierarchical - admin ”*” includes all other permissions
- Categories help organize permissions logically
- Flat array format is useful for programmatic permission checking
- Permission list may change as system features are added or removed
Authorizations
Bearer authentication header of the form Bearer <token>, where <token> is your auth token.
Query Parameters
If set to true, permissions are returned as a flat array instead of being grouped by category.