List permission catalog

GET

/api/v1/permissions

Authentication

Bearer Token Authorization
JWT access token
API Key X-API-Key
API key for management-tier access

Query Parameters

Name	Required	Type	Description
`source`	Required	`string`

Code samples

cURL

JavaScript

Python

curl -X GET "https://api.canopy.dev/api/v1/permissions?source=value" \
  -H "X-API-Key: $CANOPY_API_KEY"

const response = await fetch("https://api.canopy.dev/api/v1/permissions?source=value", {
  method: "GET",
  headers: {
    "X-API-Key": "$CANOPY_API_KEY"
  },
});

const data = await response.json();

import requests

response = requests.get(
    "https://api.canopy.dev/api/v1/permissions?source=value",
    headers={
    "X-API-Key": "$CANOPY_API_KEY"
    },
)

data = response.json()

package main

import (
	"net/http"
)

func main() {
	req, _ := http.NewRequest("GET", "https://api.canopy.dev/api/v1/permissions?source=value", nil)
	req.Header.Set("X-API-Key", "$CANOPY_API_KEY")

	resp, _ := http.DefaultClient.Do(req)
	defer resp.Body.Close()
}

Responses

200 Permissions returned

{
  "items": [
    {
      "id": "string",
      "application_id": "string",
      "key": "string",
      "description": "string",
      "category": "string",
      "source": "system",
      "created_at": "2026-04-20T12:00:00.000Z",
      "version": 0
    }
  ]
}

application/json

itemsPermissionResponseDto[]*

401 Invalid or expired token

403 This token is not authorized for this endpoint (wrong principal type — e.g., admin token on identity-only endpoint, or vice versa)

Returned object

The PermissionResponseDto object View all properties on this resource

On this page

POSTRegister new permission(s)
GETGet a permission
PATCHUpdate permission metadata
DELETERemove a permission
POSTEvaluate authorization
POSTBulk evaluate authorization