Core
API v2.x
2
APIAPI v2.x

checkRights #

Available since 2.8.0

Checks if the provided API request can be executed by a user.

Query Syntax #

HTTP #

URL: http://kuzzle:7512/_checkRights/<_id>
Method: POST
Body:
{
  // RequestPayload
  "controller": "document",
  "action": "create",
  "index": "nyc-open-data",
  "collection": "yellow-taxi",
  "body": {
    "controller": "server",
    "action": "info"
  }
}

Other protocols #

{
  "controller": "auth",
  "action": "checkRights",
  "_id": "<kuid>",
  "body": {
    // RequestPayload
    "controller": "document",
    "action": "create",
    "index": "nyc-open-data",
    "collection": "yellow-taxi",
    "body": {
      "name": "melis"
    }
  }
}

Arguments #

  • _id: user unique kuid

Body properties #

The body must contain a RequestPayload with at least the following properties:

  • controller: API controller
  • action: API action

Response #

The returned result contains the following property:

  • allowed: a boolean telling whether the provided request would have been allowed or not

Example:

{
  "status": 200,
  "error": null,
  "controller": "security",
  "action": "checkRights",
  "requestId": "<unique request identifier>",
  "result": {
    "allowed": true
  }
}
Edit this page on Github(opens new window)