
Permissions required for common API requests

Last Update: Jun 2024
To check plan availability, see the pricing page.

To help you put the principle of least privilege into practice, this article lists the narrowly defined permissions needed to make some of the most common API requests. When multiple permissions are listed for a request, any one of them alone grants access. Use discretion about which permission makes the most sense to grant (i.e., user vs. admin) for your use case.

Customers

  • GET: org.user.customer.read
  • PATCH: org.user.customer.write
  • PUT: org.user.customer.write
  • POST: org.user.customer.write
  • DELETE: org.admin.customer.delete

Conversations

  • GET: org.user.conversation.read
  • PATCH: org.user.conversation.write
  • PUT: org.user.conversation.write
  • POST: org.user.conversation.write
  • DELETE: org.admin.conversation.delete

Messages

  • GET: org.user.message.read
  • PATCH: org.user.message.write
  • PUT: org.user.message.write
  • POST: org.user.message.write

Klasses

  • GET (/klasses): org.user.klass.read, org.admin.klass.read
  • GET (/klasses/{id}): org.user.kobject.read
  • PUT: org.user.kobject.write
  • POST: org.user.kobject.write
  • DELETE: org.admin.kobject.delete

Shortcuts

  • GET (/shortcuts): org.user.klass.read, org.admin.klass.read
  • GET (/shortcuts/{id}): org.user.klass.read, org.admin.klass.read
  • PUT: org.admin.content.shortcut.write, org.admin.shortcut.write
  • POST: org.admin.content.shortcut.write, org.admin.shortcut.write
  • DELETE: org.admin.content.shortcut.write, org.admin.shortcut.write

Searches

This endpoint is for searching via the API. 

  • POST: org.user.search.read, org.admin.search.read

Users

  • GET (/users/current): org.admin.user.read
  • POST (/users/passwordreset): org.admin.user.write

Teams

  • GET: org.user.team.read, org.admin.team.read
  • POST: org.admin.team.write
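
The following is an added example, not code from this article or the product: it audits an API key's granted permissions against the requests an integration actually makes, using a subset of the table above. The `PERMISSIONS` layout, the function names, and the sample workload and key are assumptions made for illustration.

```python
# Constructed subset of the table on this page: (resource, method) -> permissions.
# Any one permission in a list is enough to authorize the request.
PERMISSIONS = {
    ("customers", "GET"): ["org.user.customer.read"],
    ("customers", "DELETE"): ["org.admin.customer.delete"],
    ("conversations", "GET"): ["org.user.conversation.read"],
    ("messages", "POST"): ["org.user.message.write"],
    ("searches", "POST"): ["org.user.search.read", "org.admin.search.read"],
    ("teams", "GET"): ["org.user.team.read", "org.admin.team.read"],
    ("teams", "POST"): ["org.admin.team.write"],
}


def _pick(options, pool=None):
    """Choose one permission from options (limited to pool if given), user scope first."""
    usable = [p for p in options if pool is None or p in pool]
    usable.sort(key=lambda p: not p.startswith("org.user."))
    return usable[0] if usable else None


def least_privilege_permissions(requests):
    """One permission per request, preferring org.user.* over org.admin.*."""
    return {_pick(PERMISSIONS[req]) for req in requests}


def audit_key(granted, requests):
    """Compare a key's granted permissions with what its requests need.

    Returns (blocked, excess): requests that no granted permission authorizes,
    and granted permissions that can be revoked without blocking any request.
    """
    granted = set(granted)
    blocked, needed = [], set()
    for req in requests:
        perm = _pick(PERMISSIONS[req], granted)
        if perm is None:
            blocked.append(req)
        else:
            needed.add(perm)
    return blocked, sorted(granted - needed)


if __name__ == "__main__":
    # Hypothetical integration: reads customers and teams, runs searches.
    workload = [("customers", "GET"), ("teams", "GET"), ("searches", "POST")]
    key = ["org.user.customer.read", "org.admin.team.read",
           "org.user.team.read", "org.admin.customer.delete"]
    print("grant:", sorted(least_privilege_permissions(workload)))
    print("audit:", audit_key(key, workload))
```

In the sample run the key is missing a search permission and carries two admin permissions it never uses, one of which duplicates a user-scoped permission it already holds.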