Resolve Permissions

Retrieve the full resolved permission set for a user.

The resolve endpoint returns the complete capability set for a user, combining roles, overrides, and module permissions into a single response. Results are cached in Redis for 60 seconds.

Endpoint

GET /api/v1/permissions/resolve/:adminId

Scope: permissions:check

Rate limit: 5,000/hr

Path parameters

Parameter	Type	Description
adminId	string	The user ID to resolve permissions for

curl

curl https://api.platformxe.com/api/v1/permissions/resolve/user_xyz789 \
  -H "x-api-key: pxk_live_your_api_key_here"

SDK

const result = await px.permissions.resolve('user_xyz789');

console.log(result.data.capabilities);
// ['articles:read', 'articles:create', 'articles:update', 'media:read']

console.log(result.data.modules);
// [{ moduleId: 'mod_bookings', actions: ['READ', 'CREATE'] }]

Response

{
  "success": true,
  "data": {
    "adminId": "user_xyz789",
    "roles": ["role_editor", "role_viewer"],
    "capabilities": [
      "articles:read",
      "articles:create",
      "articles:update",
      "media:read"
    ],
    "modules": [
      { "moduleId": "mod_bookings", "actions": ["READ", "CREATE"] }
    ],
    "overrides": [
      { "path": "invoices", "action": "delete", "effect": "DENY" }
    ],
    "ttl": 60
  }
}

Caching behavior

Resolved permissions are cached in Redis with a 60-second TTL. The engine uses singleflight to prevent thundering herd — if multiple requests resolve the same user concurrently, only one cache computation occurs.

Use cases

• Render a full UI permissions map on page load
• Pre-fetch capabilities at login to avoid per-action check latency
• Debug a user's effective permissions during support investigations

Error responses

Code	Description
NOT_FOUND	The adminId does not exist
FORBIDDEN	API key missing permissions:check scope
RATE_LIMITED	Exceeded 5,000/hr limit