Permissions and Scopes
Permissions and scopes decide what an authenticated caller is allowed to do after passing the base authentication checks.
Web Chain
In the WEB chain, access is typically shaped by:
- portal type
- user role
- workspace membership
- endpoint-level permission checks
API Chain
In the API chain, access is typically shaped by:
- whether the endpoint is API-exposed at all
- the scope bound to the endpoint
- the scopes bound to the API key
Important Rule
An endpoint can be fully documented and still be unavailable to the API chain. If it does not declare API scope support, the request is denied by design.