permissions

Create permission

Create a new permission to define specific actions or capabilities in your RBAC system. Permissions can be assigned directly to API keys or included in roles.

Use hierarchical naming patterns like documents.read, admin.users.delete, or billing.invoices.create for clear organization.

Important: Permission names must be unique within the workspace. Once created, permissions are immediately available for assignment.

Required Permissions

Your root key must have the following permission:

rbac.*.create_permission

POST

permissions.createPermission

Python (SDK)

from unkey.py import Unkey


with Unkey(
    root_key="<YOUR_BEARER_TOKEN_HERE>",
) as unkey:

    res = unkey.permissions.create_permission(name="users.read", slug="users-read", description="Grants read-only access to user profile information, account settings, and subscription status.")

    # Handle response
    print(res)

{
  "meta": {
    "requestId": "req_123"
  },
  "data": {
    "permissionId": "perm_1234567890abcdef"
  }
}

Authorizations

Authorization

string

header

required

Unkey uses API keys (root keys) for authentication. These keys authorize access to management operations in the API. To authenticate, include your root key in the Authorization header of each request:

Authorization: Bearer unkey_123

Root keys have specific permissions attached to them, controlling what operations they can perform. Key permissions follow a hierarchical structure with patterns like resource.resource_id.action (e.g., apis.*.create_key, apis.*.read_api). Security best practices:

Keep root keys secure and never expose them in client-side code
Use different root keys for different environments
Rotate keys periodically, especially after team member departures
Create keys with minimal necessary permissions following least privilege principle
Monitor key usage with audit logs.

Body

application/json

Response

200

application/json

Permission created successfully

The response is of type object.

Create roleCreate a new role to group related permissions for easier management. Roles enable consistent permission assignment across multiple API keys. **Important:** Role names must be unique within the workspace. Once created, roles are immediately available for assignment. **Required Permissions** Your root key must have the following permission: - `rbac.*.create_role`

Python (SDK)

from unkey.py import Unkey


with Unkey(
    root_key="<YOUR_BEARER_TOKEN_HERE>",
) as unkey:

    res = unkey.permissions.create_permission(name="users.read", slug="users-read", description="Grants read-only access to user profile information, account settings, and subscription status.")

    # Handle response
    print(res)

{
  "meta": {
    "requestId": "req_123"
  },
  "data": {
    "permissionId": "perm_1234567890abcdef"
  }
}

Introduction

Endpoints

Create permission

Authorizations

Body

Response