Skip to main content

Permissions

Permissions offer fine-grained control over your Application's access to different resources within your Tenant. We suggest minimizing the scope of your Applications, and to not share Applications across your internal services.

Permissions are associated with every Application and can be configured when you create an Application or update an Application.

Every API endpoint will document the required permissions needed to perform the operation against the endpoint.

List Permissions

Gets the list of all supported permissions.

GET
https://api.basistheory.com/permissions
Copy

Request

curl "https://api.basistheory.com/permissions" \
  -H "BT-API-KEY: <API_KEY>"

Query Parameters

ParameterRequiredTypeDefaultDescription
application_typefalsestringnullApplication type to filter permissions by

Response

Returns an array of permission objects. Returns an error if permissions could not be retrieved.

[
  {
    "type": "token:read",
    "description": "Read tokens",
    "application_types": [
      "private"
    ]
  },
  {...},
  {...}
]

Permission Object

AttributeTypeDescription
typestringPermission type referenced by Basis Theory API endpoints
descriptionstringDescription of the permission
application_typesarrayList of application types that can assign the permission

Permission Types

PermissionDescriptionApplication Types
token:createCreate Tokenspublic private
token:updateUpdate Tokenspublic private
token:readRead Tokensprivate
token:searchSearch Tokensprivate
token:deleteDelete Tokensprivate
token:useUse Tokens in Basis Theory Services (e.g., Proxy, Reactors)private
tenant:readRead Tenantsmanagement
tenant:updateUpdate Tenantsmanagement
tenant:deleteDelete Tenantsmanagement
application:readRead Applicationsmanagement
application:createCreate Applicationsmanagement
application:updateUpdate and regenerate API keys for Applicationsmanagement
application:deleteDelete Applicationsmanagement
log:readRead audit logsmanagement
reactor:readRead Reactorsmanagement
reactor:createCreate Reactorsmanagement
reactor:updateUpdate Reactorsmanagement
reactor:deleteDelete Reactorsmanagement
proxy:readRead Proxiesmanagement
proxy:createCreate Proxiesmanagement
proxy:updateUpdate Proxiesmanagement
proxy:deleteDelete Proxiesmanagement
tenant:member:readRead Tenant Membersmanagement
tenant:member:updateUpdate Tenant Membersmanagement
tenant:member:deleteDelete Tenant Membersmanagement
tenant:invitation:createCreate Tenant Invitationsmanagement
tenant:invitation:readRead Tenant Invitationsmanagement
tenant:invitation:updateUpdate Tenant Invitationsmanagement
tenant:invitation:deleteDelete Tenant Invitationsmanagement
report:readRead reportsmanagement