Verifying
Verifying permissions through the API
Once a key is generated, you can verify it using the verify endpoint. Our system verifies whether the key has the necessary permissions to perform the requested action(s). If the user’s role grants the required permissions, the request is allowed to proceed; otherwise, access is denied.
This will return valid if the key has the permission: admin
Sometimes you just don’t know what permissions are required before loading resources from your database. In these cases you can manually check permissions as well.
Verify
Verify the key and all permissions that you already know before needing to query your database.
If the response is invalid, you can return early.
Query your database
The key is at least valid, so you can query our database to fetch more information.
Verify Permissions
The verification response from step 1 includes all permissions attached to the keys and looks something like this:
Use the attached permissions and the context loaded from your database to determine if you should proceed handling the request or returning an authorization error.
Was this page helpful?