Access Policies represent roles in the platform, this API allows developers to create an entirely personalised RBAC system on their accounts.

It allows creation and management of access policies that define the resources and operations one is allowed to access.
For example, a product manufacturing company may decide to create the "machineOperator" and "shopManager" roles and these would be represented in the platform by two distinct and unique access policies. These policies would, for example, allow machine operators to read thngs and products but not create them, and allow shop managers to read scans but not delete them.

📘

Note

Read the Roles and Permissions page to learn about how this API can be used to fulfil the most typical use cases.

An access policy is defined by a list of permissions and an optional list of uiPermissions.

See Permissions to learn about how they're represented in the platform and how to configure them. For UI permissions configuration see UI Permissions


Permissions

A permission defines the resource and operations one is allowed to perform. It is defined by a resource name followed by the allowed operations.

For example, a permission to read, list, create, update and delete a thng is represented in the following string format: thngs:read,list,create,update,delete - a resource name and a comma separated list of operations, where the resource and operations are separated by a colon.

See Resources to learn about the available resources and their meanings, and Operations to learn how to utilise them.

An access policy is constituted by an array of permissions. To represent an access policy for a factory administrator of a product manufacturing company, the following permissions array would serve as an example:

[
  'accounts:read,update',
  'accessPolicies:read,list',
  'factories:list',
  'operatorAccess:list,read,create,update,delete',
  'places:read,list',
  'products:read,list',
  'purchaseOrders:read,list',
  'purchaseOrdersAggregations:list',
];

Operations

Operations represent HTTP methods allowed to a particular resource.
There are five different types of Operations:

  • Create - The ability to make a POST request to a given API and create an instance of its resource in the platform.
  • Read - The ability to make a GET-by-ID request to a given API and retrieve a single object of that resource.
  • List - The ability to make a GET request to a given API and retrieve all resources through an array of objects.
  • Update - The ability to make a PUT request to a given API and update a given resource.
  • Delete - The ability to make a DELETE request to a given API and delete a given resource.

📘

Operation Notation

In the resource table below, Operations will be presented in the following notation:

(C) - Create
(R) - Read
(L) - List
(U) - Update
(D) - Delete


Resources

A resource represents an entity data model in the platform. For any given resource there is a base endpoint associated with.

All available resources, possible operations, their associated endpoints and supported restrictive conditions are listed below:

Endpoint Resource Operations Supported restrictive conditions
/access access read
/accesses accesses create,list
/accesses/:accessId accesses delete,read
/accessPolicies accessPolicies create,list accessPolicyId - Restrictive condition on an access policyID
/accessPolicies/:accessPolicyId accessPolicies read,delete,update accessPolicyId- Restrictive condition on an access policyID
/accessTokens accessTokens create,list
/accessTokens/:accessTokenId accessTokens read,update,delete
/accounts accounts list,create
/accounts/:accountId accounts read,update,delete
/accounts/:accountId/accesses accountAccesses list,create
/accounts/:accountId/accesses/:accessId accountAccesses read,update,delete
/accounts/:accountId/domains domains list
/accounts/:accountId/modules modules list
/accounts/:accountId/modules/:moduleId modules read,update
/accounts/:accountId/operatorAccess operatorAccess create,list accessPolicyId- Restrictive condition on an access policy ID. Role assignment is controlled based on the caller's access to certain access policies.
/accounts/:accountId/operatorAccess/:operatorAccessId operatorAccess read,delete,update accessPolicyId- Restrictive condition on an access policy ID. Role assignment is controlled based on the caller's access to certain access policies.
/accounts/:accountId/rateLimit accountRateLimits create,list
/accounts/:accountId/rateLimit/:name accountRateLimits read,update,delete
/accounts/:accountId/shortDomains shortDomains update,list
/actions actions create,read
/actions/all allActions list,read
/actions/checkins checkinsActions read,list,create,update,delete
/actions/commissions commissionsActions read,list,create,update,delete
/actions/_:customType customActions read,list,create,update,delete
/actions/decommissions decommissionsActions read,list,create,update,delete
/actions/encodings encodingsActions read,list,create,update,delete
/actions/implicitScans implicitScansActions read,list,create,update,delete
/actions/invalidScans invalidScansActions read,list,create,update,delete
/actions/scans scansActions read,list,create,update,delete
/actions/shares sharesActions read,list,create,update,delete
/actions/_:customType/:actionId customActions read,delete
/actions/all/:actionId allActions list,read
/actions/checkins/:actionId checkinsActions read,delete
/actions/commissions/:actionId commissionsActions read,delete
/actions/decommissions/:actionId decommissionsActions read,delete
/actions/encodings/:actionId encodingsActions read,delete
/actions/implicitScans/:actionId implicitScansActions read,delete
/actions/invalidScans/:actionId invalidScansActions read,delete
/actions/scans/:actionId scansActions read,delete
/actions/shares/:actionId sharesActions read,delete
/actions/all/aggregations actions list
/actionTypes actionTypes list,create
/actionTypes/:actionType actionTypes read,update,delete
/adis/orders adiOrders create,list
/adis/orders/:orderId adiOrders read
/adis/orders/:orderId/events adiOrdersEvents list,create
/adis/orders/:orderId/events/:eventId adiOrdersEvents read
/analytics/embed/dashboards/:dashboardId analyticsEmbed read
/analytics/v2/metrics/:metricName/compute analytics list
/auth/strategies/:strategy/:provider authStrategies read
/auth/strategies/:strategy/:provider/callback authStrategies create,read
/graphql analyticsGraphql create,list
/collections collections create,list
/collections/:collectionId collections read,update,delete
/collections/:collectionId/actions/all collectionsActions create,list
/collections/:collectionId/actions/checkins collectionsCheckinsActions create,list
/collections/:collectionId/actions/commissions collectionsCommissionsActions create,list
/collections/:collectionId/actions/_:customActionType collectionsCustomActions create,list
/collections/:collectionId/actions/decommissions collectionsDecommissionsActions create,list
/collections/:collectionId/actions/encodings collectionsEncodingsActions create,list
/collections/:collectionId/actions/implicitScans collectionsImplicitScansActions create,list
/collections/:collectionId/actions/invalidScans collectionsInvalidScansActions create,list
/collections/:collectionId/actions/scans collectionsScansActions create,list
/collections/:collectionId/actions/shares collectionsSharesActions create,list
/collections/:collectionId/actions/all/:actionId collectionsActions read
/collections/:collectionId/actions/checkins/:actionId collectionsCheckinsActions read,delete
/collections/:collectionId/actions/commissions/:actionId collectionsCommissionsActions read,delete
/collections/:collectionId/actions/_:customActionType/:actionId collectionsCustomActions read,delete
/collections/:collectionId/actions/decommissions/:actionId collectionsDecommissionsActions read,delete
/collections/:collectionId/actions/encodings/:actionId collectionsEncodingsActions read,delete
/collections/:collectionId/actions/implicitScans/:actionId collectionsImplicitScansActions read,delete
/collections/:collectionId/actions/invalidScans/:actionId collectionsInvalidScansActions read,delete
/collections/:collectionId/actions/scans/:actionId collectionsScansActions read,delete
/collections/:collectionId/actions/shares/:actionId collectionsSharesActions read,delete
/collections/:collectionId/collections collections create,list,delete
/collections/:collectionId/collections/:childCollectionId collections delete
/collections/:collectionId/thngs collections list,update,delete
/collections/:collectionId/thngs/:thngId collections delete
/files files create,list
/files/:fileId files read,delete
/me me read
/metrics/totalActivations totalActivations read
/metrics/activePurchaseOrders activePurchaseOrders read
/metrics/activeFactories activeFactories read
/operators operators create,list
/operators/:operatorId operators read,delete,update
/operators/:operatorId/status operatorsStatus read,update
/operators/login/evrythng operatorsLogin create
/places places create,list
/places/:placeId places read,update,delete
/places/factories/*/aggregations/timeseries factories list
/places/factories/*/purchaseOrders/aggregations factories list
/places/factories/*/zones/aggregations factories list
/products products create,list
/products/:productId products read,update,delete
/products/:productId/actions/all productsActions create,list
/products/:productId/actions/checkins productsCheckinsActions read,create,list,update,delete
/products/:productId/actions/commissions productsCommissionsActions read,create,list,update,delete
/products/:productId/actions/_:customActionType productsCustomActions read,create,list,update,delete
/products/:productId/actions/decommissions productsDecommissionsActions read,create,list,update,delete
/products/:productId/actions/encodings productsEncodingsActions read,create,list,update,delete
/products/:productId/actions/implicitScans productsImplicitScansActions read,create,list,update,delete
/products/:productId/actions/invalidScans productsInvalidScansActions read,create,list,update,delete
/products/:productId/actions/scans productsScansActions read,create,list,update,delete
/products/:productId/actions/shares productsSharesActions read,create,list,update,delete
/products/:productId/actions/all/:actionId productsActions read
/products/:productId/actions/checkins/:actionId productsCheckinsActions read
/products/:productId/actions/commissions/:actionId productsCommissionsActions read
/products/:productId/actions/_:customActionType/:actionId productsCustomActions read
/products/:productId/actions/decommissions/:actionId productsDecommissionsActions read
/products/:productId/actions/encodings/:actionId productsEncodingsActions read
/products/:productId/actions/implicitScans/:actionId productsImplicitScansActions read
/products/:productId/actions/invalidScans/:actionId productsInvalidScansActions read
/products/:productId/actions/scans/:actionId productsScansActions read
/products/:productId/actions/shares/:actionId productsSharesActions read
/products/:productId/properties products create,list,update,delete
/products/:productId/properties/:propertyKey products read,update,delete
/products/:productId/redirector products create,read,update,delete
/projects projects create,list
/projects/:projectId projects read,update,delete
/projects/:projectId/applications applications create,list
/projects/:projectId/applications/:applicationId applications read,update,delete
/projects/:projectId/applications/:applicationId/reactor/script reactor read,update
/projects/:projectId/applications/:applicationId/reactor/script/status reactor read
/projects/:projectId/applications/:applicationId/reactor/logs reactorLogs read,delete
/projects/:projectId/applications/:applicationId/reactor/logs/bulk reactorLogs create
/projects/:projectId/applications/:applicationId/reactor/schedules reactorSchedules create,list
/projects/:projectId/applications/:applicationId/reactor/schedules/:reactorScheduleId reactorSchedules read,update,delete
/projects/:projectId/applications/:applicationId/redirector redirections read,update
/purchaseOrders purchaseOrders create,list
/purchaseOrders/:purchaseOrderId purchaseOrders read,update,delete
/purchaseOrders/aggregations purchaseOrdersAggregations list
/purchaseOrders/*/aggregations purchaseOrdersAggregations list
/purchaseOrders/*/products/aggregations purchaseOrdersAggregations list
/redirections redirections create
/redirections/{GS1_PATH} redirections read
/redirections/:shortId redirections read,update,delete
/redirector redirector read,update,delete
/rules/authenticity rules create
/shipmentNotices shipmentNotices create,list
/shipmentNotices/:shipmentNoticeId shipmentNotices read,update,delete
/scan/identifications scan create,read
/thngs thngs create,list,delete
/thngs/:thngId thngs read,update,delete
/thngs/:thngId/actions/all thngsActions create,list
/thngs/:thngId/actions/checkins thngsCheckinsActions read,create,list,update,delete
/thngs/:thngId/actions/commissions thngsCommissionsActions read,create,list,update,delete
/thngs/:thngId/actions/_:customActionType thngsCustomActions read,create,list,update,delete
/thngs/:thngId/actions/decommissions thngsDecommissionsActions read,create,list,update,delete
/thngs/:thngId/actions/encodings thngsEncodingsActions read,create,list,update,delete
/thngs/:thngId/actions/implicitScans thngsImplicitScansActions read,create,list,update,delete
/thngs/:thngId/actions/invalidScans thngsInvalidScansActions read,create,list,update,delete
/thngs/:thngId/actions/scans thngsScansActions read,create,list,update,delete
/thngs/:thngId/actions/shares thngsSharesActions read,create,list,update,delete
/thngs/:thngId/actions/all/:actionId thngsActions read
/thngs/:thngId/actions/checkins/:actionId thngsCheckinsActions read,delete
/thngs/:thngId/actions/commissions/:actionId thngsCommissionsActions read,delete
/thngs/:thngId/actions/_:customType/:actionId thngsCustomActions read,delete
/thngs/:thngId/actions/decommissions/:actionId thngsDecommissionsActions read,delete
/thngs/:thngId/actions/encodings/:actionId thngsEncodingsActions read,delete
/thngs/:thngId/actions/implicitScans/:actionId thngsImplicitScansActions read,delete
/thngs/:thngId/actions/invalidScans/:actionId thngsInvalidScansActions read,delete
/thngs/:thngId/actions/scans/:actionId thngsScansActions read,delete
/thngs/:thngId/actions/shares/:actionId thngsSharesActions read,delete
/thngs/:thngId/commissionState thngsCommissioningState read
/thngs/:thngId/location thngs list,create,update,delete
/thngs/:thngId/properties thngs list,create,update,delete
/thngs/:thngId/properties/:propertyKey thngs read,update,delete
/thngs/:thngId/redirector thngs create,read,update,delete
/time time read

Restrictive conditions

Before learning about how this API supports them, read about restrictive conditions to understand the concept.

The Access Policies API supports restrictive conditions on an access policy ID. Meaning that for a given API key with a restrictive condition on accessPolicyId the API will filter out all access policies that are not part of the caller's restrictive conditions.

For example:

Given a certain Operator Access with the following conditions:An access policy is defined by a list of permissions and an optional list of uiPermissions.

See Permissions to learn about how they're represented in the platform and how to configure them. For UI permissions configuration see UI Permissions

{
  "id": "UsSNYMPhapktcaaabfahfpdp",
  "name": "The Operator's name",
  "operator": "UsSNYMPhapktcaaabfahfpdp",
  "policies": [
    "UsSNYMPhapktcaaabfahfpdp"
  ],
  "conditions": [
    “accessPolicyId:UsSNYMPhapktcaaabfahfpdp”,
    “accessPolicyId:UsLOOMDhrpktcooobfahfade”,
  ]
}

and certained that the Operator above has an API key that allows C, R, L, U, D operations on access policies, the following scenarios will occur when that key is used:

  • GET /accessPolicies will only return policies which IDs are UsSNYMPhapktcaaabfahfpdp or UsLOOMDhrpktcooobfahfade
  • Get /accessPolicies/:accessPolicyId will only return data if accessPolicyId is either UsSNYMPhapktcaaabfahfpdp or UsLOOMDhrpktcooobfahfade, otherwise nothing is found and therefore 404 Not Found error is returned.
  • PUT /accessPolicies/:accessPolicyId will only be accessible if accessPolicyId is either UsSNYMPhapktcaaabfahfpdp or UsLOOMDhrpktcooobfahfade, otherwise nothing is found and therefore 404 Not Found error is returned.
  • DELETE /accessPolicies/:accessPolicyId will only be accessible if accessPolicyId is either UsSNYMPhapktcaaabfahfpdp or UsLOOMDhrpktcooobfahfade, otherwise nothing is found and therefore 404 Not Found error is returned.
  • POST /accessPolicies will allow the creation of access policies that do not extend the permissions present on the caller's access policy - UsSNYMPhapktcaaabfahfpdp, otherwise the payload is considerate incorrect and a 400 Bad Request error is returned. See blocked elevated privileges to learn how the system ensures that access policies created by API keys that have other access policies assign to them do not extend their own permissions.

Blocked elevated permissions

The API needs to ensure callers with certain access policies assigned do not elevate their own permissions by creating access policies with greater access than their own.

To achieve that, based on the caller's assigned access policies, the API gets and merges their permissions to a single list of permissions, and ensures the payload intended to be created is qualified.
For example:
Given the caller API key has policy1 and policy2 assigned to herself, and that the combination of permissions of those policies is:

[
  "accounts:read,update",
  "accessPolicies:read,list",
  "places:read,list",
  "products:read,lis",
  "thngs:read,list"
]

in this case, the following requests would not be allowed:

Here it will fail because the caller has no delete access on accounts:

POST /accessPolicies
Content-Type: application/json
Authorization: $OPERATOR_API_KEY

{
  "name": "Policy name",
  "permissions"[
    "accounts:delete"
  ],
}
HTTP/1.1 400 Bad Request
The caller does not have an access to a account resource and delete action listed in payload 'permissions'

And here, because the caller does not have access to the scans resource at all:

POST /accessPolicies
Content-Type: application/json
Authorization: $OPERATOR_API_KEY

{
  "name": "Policy name",
  "permissions"[
    "scans:read"
  ],
}
HTTP/1.1 400 Bad Request
The caller does not have an access to a scans resource and read action listed in payload 'permissions'

UI Permissions

A UI permission defines the dashboard page or feature one is allowed to access. It is defined by the dashboard page unique name. For example, a UI permission to the Consumer Engagement dashboard page is represented in the following string format: "consumerEngagement" - only users with this ui permission will be able to access this dashboard page.

An access policy is constituted by an array of permissions and an array of uiPermissions. To represent an access policy for a factory administrator of a product manufacturing company, the following permissions and uiPermissions array would serve as an example:

permission example:

[
  "accounts:read,update",
  "accessPolicies:read,list",
  "factories:list",
  "operatorAccess:list,read,create,update,delete",
  "places:read,list",
  "products:read,list",
  "purchaseOrders:read,list",
  "purchaseOrdersAggregations:list"
]

uiPermission example:

[
  "activation",
  "adiOrders",
  "authenticate",
  "consumerEngagement",
  "counterfeit",
  "grayMarket",
  "intentoryVisibility",
  "inventoryTrace"
]

The uiPermissions list is a subject of the same restrictions as described in Blocked elevated permissions

Homepage

A homepage defines the dashboard or feature the holder of a policy should be shown by default. The value of the homepage must exist in the uiPermissions of the policy.

API Status
General Availability:
/accessPolicies/{accessPolicyId}
/accessPolicies


AccessPolicyDocument Data Model

An access policy resource.

.name (string, required)
    The name of the policy.

.permissions (array of AccessPolicyPermissionField)
    A list of combinations of resource and type of access.
    
.uiPermissions (array of strings)
    A list of UI permissions.
 
.homepage (string)
    The homepage to display in the UI.  Must exist in policy's uiPErmissions.

.customFields (CustomFieldsDocument)
    Object of case-sensititve key-value pairs of custom fields 
    associated with the resource.

.identifiers (IdentifiersDocument)
    Various identifiers (EPC, GTIN, etc.) as a JSON object with 
    one or more key-value pairs.

.tags (array of string)
    Array of string tags associated with this resource.
{
  "additionalProperties": false,
  "type": "object",
  "description": "An access policy resource.",
  "required": ["name"],
  "properties": {
    "name": {
      "description": "The name of the policy.",
      "type": "string",
      "example": "FactoryAdministratorPolicy",
      "minLength": 5,
      "maxLength": 128,
      "pattern": "^[a-zA-Z0-9:\\\\._\\\\s-]+$"
    },
    "permissions": {
      "description": "A list of combinations of resource and type of access.",
      "type": "array",
      "items": {
        "description": "An access policy permission. Each must include an resource type, such as places or thngs, and one or more types of access from create, list, read, update, and delete.",
        "type": "string",
        "example": "places:list,read,update",
        "minLength": 3,
        "maxLength": 256,
        "pattern": "^[a-zA-Z0-9\\\\.]+:[a-z\\\\,\\\\*]+$"
      },
      "minItems": 1,
      "maxItems": 100
    },
    "uiPermissions": {
      "description": "A list of UI permissions",
      "type": "array",
      "items": {
        "type": "string",
        "minLength": 1,
        "maxLength": 128
      },
      "uniqueItems": true
    },
    "homepage": {
      "description": "The homepage to display in the UI.  The homepage must be included in the uiPermissions list within the current access policy document.",
      "type": "string",
      "example": "adiOrders",
      "minLength": 1,
      "maxLength": 128
    },
    "customFields": {
      "type": "object",
      "description": "Object of case-sensititve key-value pairs of custom fields associated with the resource."
    },
    "identifiers": {
      "type": "object",
      "description": "Various identifiers (EPC, GTIN, etc.) as a JSON object with one or more key-value pairs."
    },
    "tags": {
      "type": "array",
      "description": "Array of string tags associated with this resource.",
      "items": {
        "type": "string",
        "maxLength": 60
      }
    }
  },
  "x-filterable-fields": [
    {
      "name": "name",
      "type": "string",
      "operators": ["="]
    },
    {
      "name": "identifiers.<key>",
      "type": "string",
      "operators": ["="]
    },
    {
      "name": "tags",
      "type": "list of string",
      "operators": ["="]
    }
  ]
}
{
  "id": "UsSNYMPhapktcaaabfahfpdp",
  "name": "factoryManager",
  "description": "Allows factory managers to manage operators",
  "permissions": [
    "accounts:read,update",
    "products:read",
    "purchaseOrders:read,list",
    "thngs:read",
    "thngsCommissioning:create,list",
    "thngsCommissioningState:read"
  ],
  "uiPermissions": [
    "activation",
    "adiOrders",
    "authenticate"
  ],
  "homepage": "adiOrders",
  "tags": [],
  "identifiers": {},
  "customFields": {}
}

Filterable Fields

This resource type can be filtered using the following fields and operators.

FieldTypeOperators
nameString=
identifiers.<key>String=
tagsList of string=

Create an access policy

Create a new access policy resource.

POST /accessPolicies
Content-Type: application/json
Authorization: $OPERATOR_API_KEY

AccessPolicyDocument
curl -i -H Content-Type:application/json \
  -H Authorization:$OPERATOR_API_KEY \
  -X POST https://api.evrythng.com/accessPolicies \
  -d '{
  "name": "FactoryAdministratorPolicy",
  "permissions": [
    "actions:create",
    "places:list,read,update",
    "products:list,read",
    "purchaseOrders:list,read",
    "thngs:read"
  ]
}'
HTTP/1.1 201 Created
Content-Type: application/json

{
  "name": "FactoryAdministratorPolicy",
  "id": "UsSNYMPhapktcaaabfahfpdp",
  "permissions": [
    "actions:create",
    "places:list,read,update",
    "products:list,read",
    "purchaseOrders:list,read",
    "thngs:read"
  ],
  "uiPermissions": [],
  "tags": [],
  "identifiers": {},
  "customFields": {}
}

Read an access policy

Read an access policy resource.

GET /accessPolicies/:accessPolicyId
Authorization: $OPERATOR_API_KEY
curl -i \
  -H Authorization:$OPERATOR_API_KEY \
  -X GET https://api.evrythng.com/accessPolicies/:accessPolicyId
HTTP/1.1 200 OK
Content-Type: application/json

{
  "name": "FactoryAdministratorPolicy",
  "id": "UsSNYMPhapktcaaabfahfpdp",
  "permissions": [
    "actions:create",
    "places:list,read,update",
    "products:list,read",
    "purchaseOrders:list,read",
    "thngs:read"
  ],
  "uiPermissions": [],
  "tags": [],
  "identifiers": {},
  "customFields": {}  
}

Read all access policies

Read all access policies in an account

GET /accessPolicies
Authorization: $OPERATOR_API_KEY
curl -i \
  -H Authorization:$OPERATOR_API_KEY \
  -X GET https://api.evrythng.com/accessPolicies
HTTP/1.1 200 OK
Content-Type: application/json

[
  {
    "name": "FactoryAdministratorPolicy",
    "id": "UsSNYMPhapktcaaabfahfpdp",
    "description": "Description of FactoryAdministratorPolicy",
    "permissions": [
      "actions:create",
      "places:list,read,update",
      "products:list,read",
      "purchaseOrders:list,read",
      "thngs:read"
    ],
    "uiPermissions": [
      "activation",
      "adiOrders",
      "authenticate"
    ],
    "tags": [],
    "identifiers": {},
    "customFields": {}
  },
  {
    "name": "BrandOwnerPolicy",
    "id": "UsSNYMPhapktcaaabfahfpdp",
    "permissions": [
      "actions:create",
      "places:list,read,update",
      "products:list,read",
      "purchaseOrders:list,read",
      "thngs:read"
    ],
    "uiPermissions": [],
    "tags": [],
    "identifiers": {},
    "customFields": {}
  }
]

Update an access policy

Update an access policy resource.

PUT /accessPolicies/:accessPolicyId
Content-Type: application/json
Authorization: $OPERATOR_API_KEY

AccessPolicyDocument (partial)
curl -i -H Content-Type:application/json \
  -H Authorization:$OPERATOR_API_KEY \
  -X PUT https://api.evrythng.com/accessPolicies/:accessPolicyId \
  -d '{
  "name": "FactoryAdministratorPolicy",
  "permissions": [
    "actions:create",
    "places:list,read,update",
    "products:list,read",
    "purchaseOrders:list,read",
    "thngs:read"
  ]
}'
HTTP/1.1 200 OK
Content-Type: application/json

{
  "name": "FactoryAdministratorPolicy",
  "id": "UsSNYMPhapktcaaabfahfpdp",
  "permissions": [
    "actions:create",
    "places:list,read,update",
    "products:list,read",
    "purchaseOrders:list,read",
    "thngs:read"
  ],
  "uiPermissions": [],
  "tags": [],
  "identifiers": {},
  "customFields": {}
}

Delete an access policy

Delete an access policy.

DELETE /accessPolicies/:accessPolicyId
Authorization: $OPERATOR_API_KEY
curl -i \
  -H Authorization:$OPERATOR_API_KEY \
  -X DELETE https://api.evrythng.com/accessPolicies/:accessPolicyId
HTTP/1.1 204 No Content