API Reference/Management

Permission Management

Overview

Using the permissions management APIs enables administrators to manage their permissions utilizing a management key.

Management keys are generated from Company > Management Keys. These keys will be used within the bearer token. The format is <Project ID>:<Management Key>.

Use Cases

SSO Management:

  1. Load All Permissions
  2. Create Permission
  3. Update Permission
  4. Delete Permission

Examples

Example - Configure a new permission and apply it to a role

  1. Utilize the Create Permission api endpoint to create a new permission.
  2. Utilize the Create Role or Update Role api endpoints to apply the permission to a role.
Was this helpful?

Load All Members of a specific External Group POST

### Load all members of a specific External group, using a valid management key. This API endpoint allows administrators to load all members of a specific external group that is associated to a tenant. The response contains an array of group objects including the group id, display name, and an array of associated members. ### Next Steps Administrators can review this information and make changes within their IdP or if necessary, [Create a SCIM Group](/api/management/tenants/scim/create-scim-group), [Update an Existing SCIM Group (adding new members)](/api/management/tenants/scim/update-scim-group), or [Delete an Existing SCIM Group](/api/management/tenants/scim/delete-scim-group) ### See also - See [SSO Configuration](/sso) for further details on managing SSO Configurations on a tenant. ### Endpoint Authentication Use authorization bearer header with the following format: `Authorization: Bearer <ProjectId:ManagementKey>`

Load All Permission GET

### Load all permissions, using a valid management key. This API endpoint returns details all permissions configured within the Descope instance. The response includes an array of permissions and these details of each permission: - name - description - systemDefault ### Next Steps Once you have this data, you can utilize the response to [Create Roles](/api/management/roles/create-role) or [Update Roles](/api/management/roles/update-role) ### See also - See [User Authorization](/manage/roles/) for further details on managing roles and permissions. ### Endpoint Authentication Use authorization bearer header with the following format: `Authorization: Bearer <ProjectId:ManagementKey>`

On this page