Avnology ID
API ReferencePermissions

Expand Permission

Expand a permission tuple into its full resolution tree showing how a permission is derived.

Endpoint

POST /v1/permissions:expand

Base URL: https://api-id.avnology.net

Authentication: API Key or OAuth token with admin:permissions:read scope

Expands a relation tuple into a tree showing all subjects who have the specified relation on the object, including inherited permissions through group memberships and role hierarchies.

Request

curl -X POST https://api-id.avnology.net/v1/permissions:expand

Response

Success (200 OK)

{
  "tree": {
    "type": "union",
    "tuple": { "namespace": "organizations", "object": "org_7a2b3c4d", "relation": "admin" },
    "children": [
      {
        "type": "leaf",
        "tuple": { "namespace": "organizations",

Code Examples

JavaScript (fetch)

async function expandPermission(apiKey, namespace, object, relation) {
  return fetch('https://api-id.avnology.net/v1/permissions:expand', {
    method: 'POST',
    headers: { 'Authorization': `Bearer ${apiKey}`, 'Content-Type':

Python (httpx)

import httpx

def expand_permission(api_key: str, namespace: str, object_id: str, relation: str) -> dict:
    return httpx.post("https://api-id.avnology.net/v1/permissions:expand",
        headers

Go (net/http)

func expandPermission(ctx context.Context, apiKey, ns, obj, rel string) (*ExpandResponse, error) {

Revoke Permission

Remove a permission tuple, revoking a subject's access to a resource.

List Service Accounts

Retrieve a paginated list of service accounts for an organization.

On this page

EndpointRequestResponseSuccess (200 OK)Code ExamplesJavaScript (fetch)Python (httpx)Go (net/http)Related