Authentication

Permissions

See which permissions an API key can use and what each permission unlocks.

Modified at Apr 28, 2026, 05:38 AM UTC

Permissions define the authenticated API features a key can access. The dashboard and GET /api/me expose these permissions so users do not have to infer access from errors.

When creating an API key, the dashboard groups grantable permissions by product area and lets you review the selected codes before the key is created. After creation, the key detail page shows the saved permission set so the user can audit what the key can do.

How availability works

The picker only shows permissions that the current account can grant to this key type. Unsupported or higher-privilege permissions are not selectable for that key. Use GET /api/me to inspect the effective permissions used by a request.

Common Client Permissions

Area	Permission code	Description
Public	public.service.read	Read public services listing.
User	user.me.read	Read current authenticated principal.
Wallet	wallet.balance.read	Read wallet balance.
Wallet	wallet.ledger.read	Read wallet ledger mutations.
Deposit	deposit.provider.list	List available deposit providers.
Deposit	deposit.create	Create deposit.
Deposit	deposit.read	Read deposits.
Service	service.list	List services.
Service	service.read_detail	Read service detail.
Order	order.create	Create order.
Order	order.read	Read one order.
Order	order.list	List own orders.
Transaction	transaction.read	Read transactions.
Transfer	transfer.create	Create transfer.
Transfer	transfer.read	Read transfers.
Upload	upload.presigned.create	Create presigned upload URL.
Upload	upload.complete	Complete upload.
Ticket	ticket.create	Create ticket.
Ticket	ticket.read.self	Read own tickets.
Ticket	ticket.reply.self	Reply to own ticket.
Ticket	ticket.tag.self	Manage tags on own ticket.

If a request returns 403, the API key is valid but its effective permissions do not include the permission required by that endpoint.

Verify Access

Check whether an API key can authenticate API requests.