Add Permissions
curl --request POST \
--url https://api.velt.dev/v2/auth/permissions/add \
--header 'Content-Type: application/json' \
--header 'x-velt-api-key: <x-velt-api-key>' \
--header 'x-velt-auth-token: <x-velt-auth-token>' \
--data '
{
"data": {
"user": {
"userId": "<string>"
},
"permissions": {
"resources": [
{
"type": "<string>",
"id": "<string>",
"organizationId": "<string>",
"accessRole": "<string>",
"expiresAt": 123
}
]
}
}
}
'import requests
url = "https://api.velt.dev/v2/auth/permissions/add"
payload = { "data": {
"user": { "userId": "<string>" },
"permissions": { "resources": [
{
"type": "<string>",
"id": "<string>",
"organizationId": "<string>",
"accessRole": "<string>",
"expiresAt": 123
}
] }
} }
headers = {
"x-velt-api-key": "<x-velt-api-key>",
"x-velt-auth-token": "<x-velt-auth-token>",
"Content-Type": "application/json"
}
response = requests.post(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'POST',
headers: {
'x-velt-api-key': '<x-velt-api-key>',
'x-velt-auth-token': '<x-velt-auth-token>',
'Content-Type': 'application/json'
},
body: JSON.stringify({
data: {
user: {userId: '<string>'},
permissions: {
resources: [
{
type: '<string>',
id: '<string>',
organizationId: '<string>',
accessRole: '<string>',
expiresAt: 123
}
]
}
}
})
};
fetch('https://api.velt.dev/v2/auth/permissions/add', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://api.velt.dev/v2/auth/permissions/add",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'data' => [
'user' => [
'userId' => '<string>'
],
'permissions' => [
'resources' => [
[
'type' => '<string>',
'id' => '<string>',
'organizationId' => '<string>',
'accessRole' => '<string>',
'expiresAt' => 123
]
]
]
]
]),
CURLOPT_HTTPHEADER => [
"Content-Type: application/json",
"x-velt-api-key: <x-velt-api-key>",
"x-velt-auth-token: <x-velt-auth-token>"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://api.velt.dev/v2/auth/permissions/add"
payload := strings.NewReader("{\n \"data\": {\n \"user\": {\n \"userId\": \"<string>\"\n },\n \"permissions\": {\n \"resources\": [\n {\n \"type\": \"<string>\",\n \"id\": \"<string>\",\n \"organizationId\": \"<string>\",\n \"accessRole\": \"<string>\",\n \"expiresAt\": 123\n }\n ]\n }\n }\n}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("x-velt-api-key", "<x-velt-api-key>")
req.Header.Add("x-velt-auth-token", "<x-velt-auth-token>")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.post("https://api.velt.dev/v2/auth/permissions/add")
.header("x-velt-api-key", "<x-velt-api-key>")
.header("x-velt-auth-token", "<x-velt-auth-token>")
.header("Content-Type", "application/json")
.body("{\n \"data\": {\n \"user\": {\n \"userId\": \"<string>\"\n },\n \"permissions\": {\n \"resources\": [\n {\n \"type\": \"<string>\",\n \"id\": \"<string>\",\n \"organizationId\": \"<string>\",\n \"accessRole\": \"<string>\",\n \"expiresAt\": 123\n }\n ]\n }\n }\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://api.velt.dev/v2/auth/permissions/add")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
request["x-velt-api-key"] = '<x-velt-api-key>'
request["x-velt-auth-token"] = '<x-velt-auth-token>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"data\": {\n \"user\": {\n \"userId\": \"<string>\"\n },\n \"permissions\": {\n \"resources\": [\n {\n \"type\": \"<string>\",\n \"id\": \"<string>\",\n \"organizationId\": \"<string>\",\n \"accessRole\": \"<string>\",\n \"expiresAt\": 123\n }\n ]\n }\n }\n}"
response = http.request(request)
puts response.read_body{
"result": {
"status": "success",
"message": "Permissions added successfully."
}
}
Access Control
Add Permissions
POST
/
v2
/
auth
/
permissions
/
add
Add Permissions
curl --request POST \
--url https://api.velt.dev/v2/auth/permissions/add \
--header 'Content-Type: application/json' \
--header 'x-velt-api-key: <x-velt-api-key>' \
--header 'x-velt-auth-token: <x-velt-auth-token>' \
--data '
{
"data": {
"user": {
"userId": "<string>"
},
"permissions": {
"resources": [
{
"type": "<string>",
"id": "<string>",
"organizationId": "<string>",
"accessRole": "<string>",
"expiresAt": 123
}
]
}
}
}
'import requests
url = "https://api.velt.dev/v2/auth/permissions/add"
payload = { "data": {
"user": { "userId": "<string>" },
"permissions": { "resources": [
{
"type": "<string>",
"id": "<string>",
"organizationId": "<string>",
"accessRole": "<string>",
"expiresAt": 123
}
] }
} }
headers = {
"x-velt-api-key": "<x-velt-api-key>",
"x-velt-auth-token": "<x-velt-auth-token>",
"Content-Type": "application/json"
}
response = requests.post(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'POST',
headers: {
'x-velt-api-key': '<x-velt-api-key>',
'x-velt-auth-token': '<x-velt-auth-token>',
'Content-Type': 'application/json'
},
body: JSON.stringify({
data: {
user: {userId: '<string>'},
permissions: {
resources: [
{
type: '<string>',
id: '<string>',
organizationId: '<string>',
accessRole: '<string>',
expiresAt: 123
}
]
}
}
})
};
fetch('https://api.velt.dev/v2/auth/permissions/add', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://api.velt.dev/v2/auth/permissions/add",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'data' => [
'user' => [
'userId' => '<string>'
],
'permissions' => [
'resources' => [
[
'type' => '<string>',
'id' => '<string>',
'organizationId' => '<string>',
'accessRole' => '<string>',
'expiresAt' => 123
]
]
]
]
]),
CURLOPT_HTTPHEADER => [
"Content-Type: application/json",
"x-velt-api-key: <x-velt-api-key>",
"x-velt-auth-token: <x-velt-auth-token>"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://api.velt.dev/v2/auth/permissions/add"
payload := strings.NewReader("{\n \"data\": {\n \"user\": {\n \"userId\": \"<string>\"\n },\n \"permissions\": {\n \"resources\": [\n {\n \"type\": \"<string>\",\n \"id\": \"<string>\",\n \"organizationId\": \"<string>\",\n \"accessRole\": \"<string>\",\n \"expiresAt\": 123\n }\n ]\n }\n }\n}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("x-velt-api-key", "<x-velt-api-key>")
req.Header.Add("x-velt-auth-token", "<x-velt-auth-token>")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.post("https://api.velt.dev/v2/auth/permissions/add")
.header("x-velt-api-key", "<x-velt-api-key>")
.header("x-velt-auth-token", "<x-velt-auth-token>")
.header("Content-Type", "application/json")
.body("{\n \"data\": {\n \"user\": {\n \"userId\": \"<string>\"\n },\n \"permissions\": {\n \"resources\": [\n {\n \"type\": \"<string>\",\n \"id\": \"<string>\",\n \"organizationId\": \"<string>\",\n \"accessRole\": \"<string>\",\n \"expiresAt\": 123\n }\n ]\n }\n }\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://api.velt.dev/v2/auth/permissions/add")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
request["x-velt-api-key"] = '<x-velt-api-key>'
request["x-velt-auth-token"] = '<x-velt-auth-token>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"data\": {\n \"user\": {\n \"userId\": \"<string>\"\n },\n \"permissions\": {\n \"resources\": [\n {\n \"type\": \"<string>\",\n \"id\": \"<string>\",\n \"organizationId\": \"<string>\",\n \"accessRole\": \"<string>\",\n \"expiresAt\": 123\n }\n ]\n }\n }\n}"
response = http.request(request)
puts response.read_body{
"result": {
"status": "success",
"message": "Permissions added successfully."
}
}
Use this API to add permissions to a user for various resources like organizations, folders, documents, etc.
- You can add permissions for multiple resources in a single API call.
- The
expiresAtfield is optional. If provided, the permission will expire at the given timestamp.
Access Control
- Set
accessRoletoviewer(read-only) oreditor(read/write) on each resource to define the user’s capabilities for that resource. accessRolecan only be set via the v2 Users and Auth Permissions REST APIs. Frontend SDK methods do not accept or changeaccessRole.- Relevant endpoints:
/v2/users/add,/v2/users/update,/v2/auth/permissions/add,/v2/auth/generate_token. - See the Access Control overview for concepts and detailed guidance.
Endpoint
POST https://api.velt.dev/v2/auth/permissions/add
Headers
Your API key.
Your Auth Token.
Body
Show properties
Show properties
Show properties
Show properties
Array of resource objects to grant permissions for.
Show Resource Object
Show Resource Object
The type of resource. Can be
organization, document or folder.The ID of the resource.
The ID of the organization. Required if
type is document or folder.Optional access role for this resource. Allowed values: “viewer” | “editor”. Default: “editor”.
A Unix timestamp (in seconds) that specifies when the permission should expire. This is optional.
Example Requests
1. Add permissions to a specific organization
- Editor
- Viewer
{
"data": {
"user": {
"userId": "some-user-id"
},
"permissions": {
"resources": [
{
"type": "organization",
"id": "YOUR_ORGANIZATION_ID",
"accessRole": "editor"
}
]
}
}
}
{
"data": {
"user": {
"userId": "some-user-id"
},
"permissions": {
"resources": [
{
"type": "organization",
"id": "YOUR_ORGANIZATION_ID",
"accessRole": "viewer"
}
]
}
}
}
2. Add permissions to a specific document within an organization
- Editor
- Viewer
{
"data": {
"user": {
"userId": "some-user-id"
},
"permissions": {
"resources": [
{
"type": "document",
"id": "YOUR_DOCUMENT_ID",
"organizationId": "YOUR_ORGANIZATION_ID",
"accessRole": "editor",
"expiresAt": 1728902400
}
]
}
}
}
{
"data": {
"user": {
"userId": "some-user-id"
},
"permissions": {
"resources": [
{
"type": "document",
"id": "YOUR_DOCUMENT_ID",
"organizationId": "YOUR_ORGANIZATION_ID",
"accessRole": "viewer",
"expiresAt": 1728902400
}
]
}
}
}
3. Add permissions to a specific folder within an organization
- Editor
- Viewer
{
"data": {
"user": {
"userId": "some-user-id"
},
"permissions": {
"resources": [
{
"type": "folder",
"id": "YOUR_FOLDER_ID",
"organizationId": "YOUR_ORGANIZATION_ID",
"accessRole": "editor"
}
]
}
}
}
{
"data": {
"user": {
"userId": "some-user-id"
},
"permissions": {
"resources": [
{
"type": "folder",
"id": "YOUR_FOLDER_ID",
"organizationId": "YOUR_ORGANIZATION_ID",
"accessRole": "viewer"
}
]
}
}
}
Response
Success Response
{
"result": {
"status": "success",
"message": "Permissions added successfully."
}
}
Failure Response
{
"error": {
"message": "ERROR_MESSAGE",
"status": "INVALID_ARGUMENT"
}
}
{
"result": {
"status": "success",
"message": "Permissions added successfully."
}
}
Was this page helpful?
⌘I

