Permissions
Permissions offer fine-grained control over your Application's access to different resources within your Tenant. We suggest minimizing the scope of your Applications, and to not share Applications across your internal services.
Permissions are associated with every Application and can be configured when you create an Application or update an Application.
Every API endpoint will document the required permissions needed to perform the operation against the endpoint.
List Permissions
Gets the list of all supported permissions.
GET
https://api.basistheory.com/permissionsRequest
- cURL
- JavaScript
- C#
- Java
- Python
- Go
curl "https://api.basistheory.com/permissions" \
-H "BT-API-KEY: <API_KEY>"
import { BasisTheory } from "@basis-theory/basis-theory-js";
const bt = await new BasisTheory().init("<API_KEY>");
const permissions = await bt.permissions.list();
using BasisTheory.net.Api;
using BasisTheory.net.Client;
using BasisTheory.net.Model;
Configuration config = new Configuration();
config.BasePath = "https://api.basistheory.com";
config.AddApiKey("BT-API-KEY", "YOUR_API_KEY");
var apiInstance = new PermissionsApi(config);
var applicationType = "";
List<Permission> result = apiInstance.Get(applicationType);
import com.basistheory.*;
import com.basistheory.auth.*;
import java.util.List;
public class App {
public static void main(String[] args) throws Exception {
ApiClient defaultClient = Configuration.getDefaultApiClient();
defaultClient.setBasePath("https://api.basistheory.com");
ApiKeyAuth ApiKey = (ApiKeyAuth) defaultClient.getAuthentication("ApiKey");
ApiKey.setApiKey("<API_KEY>");
PermissionsApi apiInstance = new PermissionsApi(defaultClient);
String applicationType = null;
Integer version = null;
List<Permission> result = apiInstance.get(applicationType, version);
}
}
import basistheory
from basistheory.api import permissions_api
with basistheory.ApiClient(configuration=basistheory.Configuration(api_key="<API_KEY>")) as api_client:
permissions_client = permissions_api.PermissionsApi(api_client)
permissions = permissions_client.get()
package main
import (
"context"
"github.com/Basis-Theory/basistheory-go/v3"
)
func main() {
configuration := basistheory.NewConfiguration()
apiClient := basistheory.NewAPIClient(configuration)
contextWithAPIKey := context.WithValue(context.Background(), basistheory.ContextAPIKeys, map[string]basistheory.APIKey{
"ApiKey": {Key: "<API_KEY>"},
})
permissions, httpResponse, err := apiClient.PermissionsApi.Get(contextWithAPIKey).Execute()
}
Query Parameters
Parameter | Required | Type | Default | Description |
---|---|---|---|---|
application_type | false | string | null | Application type to filter permissions by |
Response
Returns an array of permission objects. Returns an error if permissions could not be retrieved.
[
{
"type": "token:read",
"description": "Read tokens",
"application_types": [
"private"
]
},
{...},
{...}
]
Permission Object
Attribute | Type | Description |
---|---|---|
type | string | Permission type referenced by Basis Theory API endpoints |
description | string | Description of the permission |
application_types | array | List of application types that can assign the permission |
Permission Types
Permission | Description | Application Types |
---|---|---|
token:create | Create Tokens | public private |
token:update | Update Tokens | public private |
token:read | Read Tokens | private |
token:search | Search Tokens | private |
token:delete | Delete Tokens | private |
token:use | Use Tokens in Basis Theory Services (e.g., Proxy, Reactors) | private |
tenant:read | Read Tenants | management |
tenant:update | Update Tenants | management |
tenant:delete | Delete Tenants | management |
application:read | Read Applications | management |
application:create | Create Applications | management |
application:update | Update and regenerate API keys for Applications | management |
application:delete | Delete Applications | management |
log:read | Read audit logs | management |
reactor:read | Read Reactors | management |
reactor:create | Create Reactors | management |
reactor:update | Update Reactors | management |
reactor:delete | Delete Reactors | management |
proxy:read | Read Proxies | management |
proxy:create | Create Proxies | management |
proxy:update | Update Proxies | management |
proxy:delete | Delete Proxies | management |
tenant:member:read | Read Tenant Members | management |
tenant:member:update | Update Tenant Members | management |
tenant:member:delete | Delete Tenant Members | management |
tenant:invitation:create | Create Tenant Invitations | management |
tenant:invitation:read | Read Tenant Invitations | management |
tenant:invitation:update | Update Tenant Invitations | management |
tenant:invitation:delete | Delete Tenant Invitations | management |
report:read | Read reports | management |