Access control

The backend API implements role-based access control (RBAC). Each user has a role and that role determines what they can and cannot do.

Roles vs levels

In practice, the different user roles map to a permission level between 0 and 8. The available roles and their privilege levels are:

  • user: 4
  • bughunter: 5
  • support: 6
  • admin: 8

We offer more fine-grained control over the permission level when authenticating with API keys. When you create an API key, you can choose any permission level that is equal to or lower than your own role’s permission level.

This allows you, for example, to generate an API key that only has read access to your data.

Permission levels

The table below lists the privileges of all levels as well as their corresponding role.

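| Level | Abilities | user | bughunter | support | admin |
|-------|-----------|------|-----------|---------|-------|
| 0 | authenticate | | | | |
| 1 | read people and patterns | | | | |
| 2 | read all account data | | | | |
| 3 | write people or patterns | | | | |
| 4 | write all account data | | | | |
| 5 | read people or patterns of other users | | | | |
| 6 | read all account data of other users | | | | |
| 7 | write account data of other users through specific support methods | | | | |
| 8 | impersonate other users, full write access | | | | |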
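
The following is an added example, not the backend's own code. It sketches how the API-key rule and the level table above can be enforced server-side. The function names and ability keys are hypothetical. It assumes that a level includes every lower level and that a key is capped by its owner's current role.

```javascript
// Role-to-level mapping as listed on this page.
const ROLE_LEVELS = Object.freeze({ user: 4, bughunter: 5, support: 6, admin: 8 });

// Minimum level per ability, from the table; the key names are hypothetical.
const REQUIRED_LEVEL = Object.freeze({
  authenticate: 0,
  readPeopleAndPatterns: 1,
  readAccount: 2,
  writePeopleOrPatterns: 3,
  writeAccount: 4,
  readOthersPeopleOrPatterns: 5,
  readOthersAccount: 6,
  supportWriteOthers: 7,
  impersonate: 8,
});

const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

function roleLevel(role) {
  // Own-property check: inherited names such as "constructor" are not roles.
  if (typeof role !== 'string' || !own(ROLE_LEVELS, role)) throw new Error('unknown role');
  return ROLE_LEVELS[role];
}

// Validate the level requested for a new API key: an integer from 0 up to
// the creator's own role level. Strings like "8" are rejected, not coerced.
function apiKeyLevel(creatorRole, requested) {
  const max = roleLevel(creatorRole);
  if (!Number.isInteger(requested) || requested < 0 || requested > max) {
    throw new Error(`level must be an integer between 0 and ${max}`);
  }
  return requested;
}

// Level a request runs at. Assumption: a key is capped by its owner's current
// role, so a key issued before a role downgrade loses the extra privileges.
function effectiveLevel({ role, keyLevel }) {
  const max = roleLevel(role);
  if (keyLevel === undefined) return max; // session login, no API key
  if (!Number.isInteger(keyLevel) || keyLevel < 0) throw new Error('invalid key level');
  return Math.min(keyLevel, max);
}

// Fail closed: an ability that is not in the table is denied.
function isAllowed(credential, ability) {
  if (!own(REQUIRED_LEVEL, ability)) return false;
  return effectiveLevel(credential) >= REQUIRED_LEVEL[ability];
}
```

A level 2 key created by a `user` can read all account data but cannot write people or patterns, which is the read-only key described earlier on this page.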