Get Available Permissions
GET
/web/v1/workspaces/{workspaceId}/api-keys/available-permissionsJWTReturns the list of permission codes that can be assigned to API keys in the specified workspace.
Authentication
Auth Chain: WEB Chain — requires
Authorization: Bearer <jwt>Requires workspace OWNER role. These headers are injected by the system (frontend does nothing):X-PORTAL-ACCESS-CODE(Nginx),X-Request-Id(Gateway)
Request Parameters
| Name | Type | Required | In | Description |
|---|---|---|---|---|
workspaceId | string | Yes | path | Workspace business ID |
Success Response
Success200
{
"version": "1.3.0",
"timestamp": 1709337600000,
"success": true,
"code": "2000",
"message": "SUCCESS",
"data": [
"payment:read",
"payment:write",
"transfer:read",
"transfer:write",
"wallet:read"
]
}Error Responses
Unauthorized401
{
"success": false,
"code": "4010",
"message": "Invalid or expired token"
}Forbidden — not workspace owner403
{
"success": false,
"code": "4030",
"message": "Only workspace owner can manage API keys"
}Notes
- Use this endpoint to populate permission selection UI when creating or updating API keys.
- Only workspace OWNERs can access this endpoint.