Authorization and Permissions
Permission checks are enforced per endpoint after API key authentication.
Available Permissions
| Permission | Covers |
|---|---|
members:read | List and view members |
members:write | Create and update members |
passes:read | List and view issued pass instances |
passes:issue | Issue passes and event tickets |
passes:revoke | Revoke issued passes |
passes:reinstate | Reinstate revoked passes |
passes:update_expiry | Update or remove pass expiry dates |
passes:send_email | Send pass delivery emails |
pass_templates:read | List and view pass templates |
Endpoint Mapping
| Endpoint group | Required permission |
|---|---|
GET /members, GET /members/{id} | members:read |
POST /members, PUT /members/{id} | members:write |
GET /passes, GET /passes/{id} | passes:read |
POST /passes/issue | passes:issue |
POST /passes/{id}/revoke | passes:revoke |
POST /passes/{id}/reinstate | passes:reinstate |
PUT /passes/{id}/expiry | passes:update_expiry |
POST /passes/{id}/send-email | passes:send_email |
GET /pass-templates, GET /pass-templates/{id} | pass_templates:read |
| Event ticket issuing endpoints | passes:issue |
If a key does not include the required permission, the API returns HTTP 403.