Access Policies represent roles in the platform, this API allows developers to create an entirely personalised RBAC system on their accounts.

It allows creation and management of access policies that define the resources and operations one is allowed to access.
For example, a product manufacturing company may decide to create the "machineOperator" and "shopManager" roles and these would be represented in the platform by two distinct and unique access policies. These policies would, for example, allow machine operators to read thngs and products but not create them, and allow shop managers to read scans but not delete them.

Note

Read the Roles and Permissions page to learn about how this API can be used to
fulfil the most typical use cases.

An access policy is defined by a list of permissions and an optional list of uiPermissions.

See Permissions to learn about how they're represented in the platform and how to configure them. For UI permissions configuration see UI Permissions

Permissions

A permission defines the resource and operations one is allowed to perform. It is defined by a resource name followed by the allowed operations.

For example, a permission to read, list, create, update and delete a thng is represented in the following string format: thngs:read,list,create,update,delete - a resource name and a comma separated list of operations, where the resource and operations are separated by a colon.

See Resources to learn about the available resources and their meanings, and Operations to learn how to utilise them.

An access policy is constituted by an array of permissions. To represent an access policy for a factory administrator of a product manufacturing company, the following permissions array would serve as an example:

[
  "accounts:read,update",
  "accessPolicies:read,list",
  "factories:list",
  "operatorAccess:list,read,create,update,delete",
  "places:read,list",
  "products:read,list",
  "purchaseOrders:read,list",
  "purchaseOrdersAggregations:list"
]

Operations

Operations represent HTTP methods allowed to a particular resource.
There are five different types of Operations:

Create - The ability to make a POST request to a given API and create an instance of its resource in the platform.
Read - The ability to make a GET-by-ID request to a given API and retrieve a single object of that resource.
List - The ability to make a GET request to a given API and retrieve all resources through an array of objects.
Update - The ability to make a PUT request to a given API and update a given resource.
Delete - The ability to make a DELETE request to a given API and delete a given resource.

Operation Notation

In the resource table below, Operations will be presented in the following
notation:(C) - Create(R) - Read(L) - List(U) - Update(D) - Delete

Resources

A resource represents an entity data model in the platform. For any given resource there is a base endpoint associated with.

All available resources, possible operations, their associated endpoints and supported restrictive conditions are listed below:

Endpoint	Resource	Operations	Supported restrictive conditions
/access	access	read
/accesses	accesses	create,list
/accesses/:accessId	accesses	delete,read
/accessPolicies	accessPolicies	create,list	accessPolicyId - Restrictive condition on an access policyID
/accessPolicies/:accessPolicyId	accessPolicies	read,delete,update	accessPolicyId- Restrictive condition on an access policyID
/accessTokens	accessTokens	create,list
/accessTokens/:accessTokenId	accessTokens	read,update,delete
/accounts	accounts	list,create
/accounts/:accountId	accounts	read,update,delete
/accounts/:accountId/accesses	accountAccesses	list,create
/accounts/:accountId/accesses/:accessId	accountAccesses	read,update,delete
/accounts/:accountId/domains	domains	list
/accounts/:accountId/modules	modules	list
/accounts/:accountId/modules/:moduleId	modules	read,update
/accounts/:accountId/operatorAccess	operatorAccess	create,list	accessPolicyId- Restrictive condition on an access policy ID. Role assignment is controlled based on the caller's access to certain access policies.
/accounts/:accountId/operatorAccess/:operatorAccessId	operatorAccess	read,delete,update	accessPolicyId- Restrictive condition on an access policy ID. Role assignment is controlled based on the caller's access to certain access policies.
/accounts/:accountId/rateLimit	accountRateLimits	create,list
/accounts/:accountId/rateLimit/:name	accountRateLimits	read,update,delete
/accounts/:accountId/shortDomains	shortDomains	update,list
/actions	actions	create,read
/actions/all	allActions	list,read
/actions/checkins	checkinsActions	read,list,create,update,delete
/actions/commissions	commissionsActions	read,list,create,update,delete
/actions/_:customType	customActions	read,list,create,update,delete
/actions/decommissions	decommissionsActions	read,list,create,update,delete
/actions/encodings	encodingsActions	read,list,create,update,delete
/actions/implicitScans	implicitScansActions	read,list,create,update,delete
/actions/invalidScans	invalidScansActions	read,list,create,update,delete
/actions/scans	scansActions	read,list,create,update,delete
/actions/shares	sharesActions	read,list,create,update,delete
/actions/_:customType/:actionId	customActions	read,delete
/actions/all/:actionId	allActions	list,read
/actions/checkins/:actionId	checkinsActions	read,delete
/actions/commissions/:actionId	commissionsActions	read,delete
/actions/decommissions/:actionId	decommissionsActions	read,delete
/actions/encodings/:actionId	encodingsActions	read,delete
/actions/implicitScans/:actionId	implicitScansActions	read,delete
/actions/invalidScans/:actionId	invalidScansActions	read,delete
/actions/scans/:actionId	scansActions	read,delete
/actions/shares/:actionId	sharesActions	read,delete
/actions/all/aggregations	actions	list
/actionTypes	actionTypes	list,create
/actionTypes/:actionType	actionTypes	read,update,delete
/adis/orders	adiOrders	create,list
/adis/orders/:orderId	adiOrders	read
/adis/orders/:orderId/events	adiOrdersEvents	list,create
/adis/orders/:orderId/events/:eventId	adiOrdersEvents	read
/analytics/embed/dashboards/:dashboardId	analyticsEmbed	read
/analytics/v2/metrics/:metricName/compute	analytics	list
/auth/strategies/:strategy/:provider	authStrategies	read
/auth/strategies/:strategy/:provider/callback	authStrategies	create,read
/graphql	analyticsGraphql	create,list
/collections	collections	create,list
/collections/:collectionId	collections	read,update,delete
/collections/:collectionId/actions/all	collectionsActions	create,list
/collections/:collectionId/actions/checkins	collectionsCheckinsActions	create,list
/collections/:collectionId/actions/commissions	collectionsCommissionsActions	create,list
/collections/:collectionId/actions/_:customActionType	collectionsCustomActions	create,list
/collections/:collectionId/actions/decommissions	collectionsDecommissionsActions	create,list
/collections/:collectionId/actions/encodings	collectionsEncodingsActions	create,list
/collections/:collectionId/actions/implicitScans	collectionsImplicitScansActions	create,list
/collections/:collectionId/actions/invalidScans	collectionsInvalidScansActions	create,list
/collections/:collectionId/actions/scans	collectionsScansActions	create,list
/collections/:collectionId/actions/shares	collectionsSharesActions	create,list
/collections/:collectionId/actions/all/:actionId	collectionsActions	read
/collections/:collectionId/actions/checkins/:actionId	collectionsCheckinsActions	read,delete
/collections/:collectionId/actions/commissions/:actionId	collectionsCommissionsActions	read,delete
/collections/:collectionId/actions/_:customActionType/:actionId	collectionsCustomActions	read,delete
/collections/:collectionId/actions/decommissions/:actionId	collectionsDecommissionsActions	read,delete
/collections/:collectionId/actions/encodings/:actionId	collectionsEncodingsActions	read,delete
/collections/:collectionId/actions/implicitScans/:actionId	collectionsImplicitScansActions	read,delete
/collections/:collectionId/actions/invalidScans/:actionId	collectionsInvalidScansActions	read,delete
/collections/:collectionId/actions/scans/:actionId	collectionsScansActions	read,delete
/collections/:collectionId/actions/shares/:actionId	collectionsSharesActions	read,delete
/collections/:collectionId/collections	collections	create,list,delete
/collections/:collectionId/collections/:childCollectionId	collections	delete
/collections/:collectionId/thngs	collections	list,update,delete
/collections/:collectionId/thngs/:thngId	collections	delete
/files	files	create,list
/files/:fileId	files	read,delete
/me	me	read
/metrics/totalActivations	totalActivations	read
/metrics/activePurchaseOrders	activePurchaseOrders	read
/metrics/activeFactories	activeFactories	read
/operators	operators	create,list
/operators/:operatorId	operators	read,delete,update
/operators/:operatorId/status	operatorsStatus	read,update
/operators/login/evrythng	operatorsLogin	create
/places	places	create,list
/places/:placeId	places	read,update,delete
/places/factories/*/aggregations/timeseries	factories	list
/places/factories/*/purchaseOrders/aggregations	factories	list
/places/factories/*/zones/aggregations	factories	list
/products	products	create,list
/products/:productId	products	read,update,delete
/products/:productId/actions/all	productsActions	create,list
/products/:productId/actions/checkins	productsCheckinsActions	read,create,list,update,delete
/products/:productId/actions/commissions	productsCommissionsActions	read,create,list,update,delete
/products/:productId/actions/_:customActionType	productsCustomActions	read,create,list,update,delete
/products/:productId/actions/decommissions	productsDecommissionsActions	read,create,list,update,delete
/products/:productId/actions/encodings	productsEncodingsActions	read,create,list,update,delete
/products/:productId/actions/implicitScans	productsImplicitScansActions	read,create,list,update,delete
/products/:productId/actions/invalidScans	productsInvalidScansActions	read,create,list,update,delete
/products/:productId/actions/scans	productsScansActions	read,create,list,update,delete
/products/:productId/actions/shares	productsSharesActions	read,create,list,update,delete
/products/:productId/actions/all/:actionId	productsActions	read
/products/:productId/actions/checkins/:actionId	productsCheckinsActions	read
/products/:productId/actions/commissions/:actionId	productsCommissionsActions	read
/products/:productId/actions/_:customActionType/:actionId	productsCustomActions	read
/products/:productId/actions/decommissions/:actionId	productsDecommissionsActions	read
/products/:productId/actions/encodings/:actionId	productsEncodingsActions	read
/products/:productId/actions/implicitScans/:actionId	productsImplicitScansActions	read
/products/:productId/actions/invalidScans/:actionId	productsInvalidScansActions	read
/products/:productId/actions/scans/:actionId	productsScansActions	read
/products/:productId/actions/shares/:actionId	productsSharesActions	read
/products/:productId/properties	products	create,list,update,delete
/products/:productId/properties/:propertyKey	products	read,update,delete
/products/:productId/redirector	products	create,read,update,delete
/projects	projects	create,list
/projects/:projectId	projects	read,update,delete
/projects/:projectId/applications	applications	create,list
/projects/:projectId/applications/:applicationId	applications	read,update,delete
/projects/:projectId/applications/:applicationId/reactor/script	reactor	read,update
/projects/:projectId/applications/:applicationId/reactor/script/status	reactor	read
/projects/:projectId/applications/:applicationId/reactor/logs	reactorLogs	read,delete
/projects/:projectId/applications/:applicationId/reactor/logs/bulk	reactorLogs	create
/projects/:projectId/applications/:applicationId/reactor/schedules	reactorSchedules	create,list
/projects/:projectId/applications/:applicationId/reactor/schedules/:reactorScheduleId	reactorSchedules	read,update,delete
/projects/:projectId/applications/:applicationId/redirector	redirections	read,update
/purchaseOrders	purchaseOrders	create,list
/purchaseOrders/:purchaseOrderId	purchaseOrders	read,update,delete
/purchaseOrders/aggregations	purchaseOrdersAggregations	list
/purchaseOrders/*/aggregations	purchaseOrdersAggregations	list
/purchaseOrders/*/products/aggregations	purchaseOrdersAggregations	list
/redirections	redirections	create
/redirections/{GS1_PATH}	redirections	read
/redirections/:shortId	redirections	read,update,delete
/redirector	redirector	read,update,delete
/rules/authenticity	rules	create
/shipmentNotices	shipmentNotices	create,list
/shipmentNotices/:shipmentNoticeId	shipmentNotices	read,update,delete
/scan/identifications	scan	create,read
/thngs	thngs	create,list,delete
/thngs/:thngId	thngs	read,update,delete
/thngs/:thngId/actions/all	thngsActions	create,list
/thngs/:thngId/actions/checkins	thngsCheckinsActions	read,create,list,update,delete
/thngs/:thngId/actions/commissions	thngsCommissionsActions	read,create,list,update,delete
/thngs/:thngId/actions/_:customActionType	thngsCustomActions	read,create,list,update,delete
/thngs/:thngId/actions/decommissions	thngsDecommissionsActions	read,create,list,update,delete
/thngs/:thngId/actions/encodings	thngsEncodingsActions	read,create,list,update,delete
/thngs/:thngId/actions/implicitScans	thngsImplicitScansActions	read,create,list,update,delete
/thngs/:thngId/actions/invalidScans	thngsInvalidScansActions	read,create,list,update,delete
/thngs/:thngId/actions/scans	thngsScansActions	read,create,list,update,delete
/thngs/:thngId/actions/shares	thngsSharesActions	read,create,list,update,delete
/thngs/:thngId/actions/all/:actionId	thngsActions	read
/thngs/:thngId/actions/checkins/:actionId	thngsCheckinsActions	read,delete
/thngs/:thngId/actions/commissions/:actionId	thngsCommissionsActions	read,delete
/thngs/:thngId/actions/_:customType/:actionId	thngsCustomActions	read,delete
/thngs/:thngId/actions/decommissions/:actionId	thngsDecommissionsActions	read,delete
/thngs/:thngId/actions/encodings/:actionId	thngsEncodingsActions	read,delete
/thngs/:thngId/actions/implicitScans/:actionId	thngsImplicitScansActions	read,delete
/thngs/:thngId/actions/invalidScans/:actionId	thngsInvalidScansActions	read,delete
/thngs/:thngId/actions/scans/:actionId	thngsScansActions	read,delete
/thngs/:thngId/actions/shares/:actionId	thngsSharesActions	read,delete
/thngs/:thngId/commissionState	thngsCommissioningState	read
/thngs/:thngId/location	thngs	list,create,update,delete
/thngs/:thngId/properties	thngs	list,create,update,delete
/thngs/:thngId/properties/:propertyKey	thngs	read,update,delete
/thngs/:thngId/redirector	thngs	create,read,update,delete
/time	time	read

Restrictive Conditions

Before learning about how this API supports them, read about Restrictive Conditions to understand the concept.

The Access Policies API supports restrictive conditions on an access policy ID. Meaning that for a given API key with a restrictive condition on accessPolicyId the API will filter out all access policies that are not part of the caller's restrictive conditions.

For example:

A certain Operator Access with the following conditions:

See Permissions to learn about how they're represented in the platform and how to configure them. For UI permissions configuration see UI Permissions

{
  "id": "UsSNYMPhapktcaaabfahfpdp",
  "name": "The Operator's name",
  "operator": "UsSNYMPhapktcaaabfahfpdp",
  "policies": [
    "UsSNYMPhapktcaaabfahfpdp"
  ],
  "conditions": [
    "accessPolicyId:UsSNYMPhapktcaaabfahfpdp",
    "accessPolicyId:UsLOOMDhrpktcooobfahfade"
  ]
}

and that the Operator above has an API key that allows C, R, L, U, D operations on access policies, the following scenarios will occur when that key is used:

GET /accessPolicies will only return policies which IDs are UsSNYMPhapktcaaabfahfpdp or UsLOOMDhrpktcooobfahfade
Get /accessPolicies/:accessPolicyId will only return data if accessPolicyId is either UsSNYMPhapktcaaabfahfpdp or UsLOOMDhrpktcooobfahfade, otherwise nothing is found and therefore 404 Not Found error is returned.
PUT /accessPolicies/:accessPolicyId will only be accessible if accessPolicyId is either UsSNYMPhapktcaaabfahfpdp or UsLOOMDhrpktcooobfahfade, otherwise nothing is found and therefore 404 Not Found error is returned.
DELETE /accessPolicies/:accessPolicyId will only be accessible if accessPolicyId is either UsSNYMPhapktcaaabfahfpdp or UsLOOMDhrpktcooobfahfade, otherwise nothing is found and therefore 404 Not Found error is returned.
POST /accessPolicies will allow the creation of access policies that do not extend the permissions present on the caller's access policy - UsSNYMPhapktcaaabfahfpdp, otherwise the payload is considerate incorrect and a 400 Bad Request error is returned. See blocked elevated privileges to learn how the system ensures that access policies created by API keys that have other access policies assign to them do not extend their own permissions.

Blocked Elevated Permissions

The API needs to ensure callers with certain access policies assigned do not elevate their own permissions by creating access policies with greater access than their own.

To achieve that, based on the caller's assigned access policies, the API gets and merges their permissions to a single list of permissions, and ensures the payload intended to be created is qualified.
For example:
Given the caller API key has policy1 and policy2 assigned to herself, and that the combination of permissions of those policies is:

[
  "accounts:read,update",
  "accessPolicies:read,list",
  "places:read,list",
  "products:read,list",
  "thngs:read,list"
]

in this case, the following requests would not be allowed:

Here it will fail because the caller has no delete access on accounts:

{
  "name": "Policy name",
  "permissions": [
    "accounts:delete"
  ]
}

{
  "status": 400,
  "error": "Bad Request",
  "message": "The caller does not have access to the account resource and delete action listed in payload 'permissions'."
}

And here, because the caller does not have access to the scans resource at all:

{
  "name": "Policy name",
  "permissions": [
    "scans:read"
  ]
}


{
  "status": 400,
  "error": "Bad Request",
  "message": "The caller does not have access to the scans resource and read action listed in payload 'permissions'."
}

UI Permissions

A UI permission defines the dashboard page or feature one is allowed to access. It is defined by the dashboard page unique name. For example, a UI permission to the Consumer Engagement dashboard page is represented in the following string format: "consumerEngagement" - only users with this ui permission will be able to access this dashboard page.

An access policy is constituted by an array of permissions and an array of uiPermissions. To represent an access policy for a factory administrator of a product manufacturing company, the following permissions and uiPermissions array would serve as an example:

permission example:

[
  "accounts:read,update",
  "accessPolicies:read,list",
  "factories:list",
  "operatorAccess:list,read,create,update,delete",
  "places:read,list",
  "products:read,list",
  "purchaseOrders:read,list",
  "purchaseOrdersAggregations:list"
]

uiPermission example:

[
  "activation",
  "adiOrders",
  "authenticate",
  "consumerEngagement",
  "counterfeit",
  "grayMarket",
  "inventoryVisibility",
  "inventoryTrace"
]

The uiPermissions list is a subject of the same restrictions as described in Blocked elevated permissions

Homepage

A homepage defines the dashboard or feature the holder of a policy should be shown by default. The value of the homepage must exist in the uiPermissions of the policy.

API Status
General Availability:
/accessPolicies/{accessPolicyId}
/accessPolicies

Jump To↓\nAccessPolicyDocument\nCreate an access policy\nRead an access policy\nRead all access policies\nUpdate an access policy\nDelete an access policy

AccessPolicyDocument Data Model

An access policy resource.
.name (string, required) The name of the policy..permissions (array of AccessPolicyPermissionField) A list of combinations of resource and type of access. .uiPermissions (array of strings) A list of UI permissions. .homepage (string) The homepage to display in the UI. Must exist in policy's uiPErmissions..customFields (CustomFieldsDocument) Object of case-sensititve key-value pairs of custom fields associated with the resource..identifiers (IdentifiersDocument) Various identifiers (EPC, GTIN, etc.) as a JSON object with one or more key-value pairs..tags (array of string) Array of string tags associated with this resource.

{
  "additionalProperties": false,
  "type": "object",
  "description": "An access policy resource.",
  "required": ["name"],
  "properties": {
    "name": {
      "description": "The name of the policy.",
      "type": "string",
      "example": "FactoryAdministratorPolicy",
      "minLength": 5,
      "maxLength": 128,
      "pattern": "^[a-zA-Z0-9:\\._\\s-]+$"
    },
    "permissions": {
      "description": "A list of combinations of resource and type of access.",
      "type": "array",
      "items": {
        "description": "An access policy permission. Each must include a resource type, such as places or thngs, and one or more types of access from create, list, read, update, and delete.",
        "type": "string",
        "example": "places:list,read,update",
        "minLength": 3,
        "maxLength": 256,
        "pattern": "^[a-zA-Z0-9\\.]+:[a-z,\\*]+$"
      },
      "minItems": 1,
      "maxItems": 100
    },
    "uiPermissions": {
      "description": "A list of UI permissions",
      "type": "array",
      "items": {
        "type": "string",
        "minLength": 1,
        "maxLength": 128
      },
      "uniqueItems": true
    },
    "homepage": {
      "description": "The homepage to display in the UI. The homepage must be included in the uiPermissions list within the current access policy document.",
      "type": "string",
      "example": "adiOrders",
      "minLength": 1,
      "maxLength": 128
    },
    "customFields": {
      "type": "object",
      "description": "Object of case-sensitive key-value pairs of custom fields associated with the resource."
    },
    "identifiers": {
      "type": "object",
      "description": "Various identifiers (EPC, GTIN, etc.) as a JSON object with one or more key-value pairs."
    },
    "tags": {
      "type": "array",
      "description": "Array of string tags associated with this resource.",
      "items": {
        "type": "string",
        "maxLength": 60
      }
    }
  },
  "x-filterable-fields": [
    {
      "name": "name",
      "type": "string",
      "operators": ["="]
    },
    {
      "name": "identifiers.<key>",
      "type": "string",
      "operators": ["="]
    },
    {
      "name": "tags",
      "type": "list of string",
      "operators": ["="]
    }
  ]
}

{
  "id": "UsSNYMPhapktcaaabfahfpdp",
  "name": "factoryManager",
  "description": "Allows factory managers to manage operators",
  "permissions": [
    "accounts:read,update",
    "products:read",
    "purchaseOrders:read,list",
    "thngs:read",
    "thngsCommissioning:create,list",
    "thngsCommissioningState:read"
  ],
  "uiPermissions": [
    "activation",
    "adiOrders",
    "authenticate"
  ],
  "homepage": "adiOrders",
  "tags": [],
  "identifiers": {},
  "customFields": {}
}

Filterable Fields

This resource type can be filtered using the following fields and operators.

Field	Type	Operators
`name`	String	`=`
`identifiers.<key>`	String	`=`
`tags`	List of string	`=`

Create an access policy

Create a new access policy resource.
POST /accessPolicies\nContent-Type: application/json\nAuthorization: $OPERATOR_API_KEY\n\nAccessPolicyDocument

{
  "name": "FactoryAdministratorPolicy",
  "permissions": [
    "actions:create",
    "places:list,read,update",
    "products:list,read",
    "purchaseOrders:list,read",
    "thngs:read"
  ]
}

HTTP/1.1 201 Created\nContent-Type: application/json


{
  "name": "FactoryAdministratorPolicy",
  "id": "UsSNYMPhapktcaaabfahfpdp",
  "permissions": [
    "actions:create",
    "places:list,read,update",
    "products:list,read",
    "purchaseOrders:list,read",
    "thngs:read"
  ],
  "uiPermissions": [],
  "tags": [],
  "identifiers": {},
  "customFields": {}
}

Read an access policy

Read an access policy

GET /accessPolicies/:accessPolicyId Authorization: $OPERATOR_API_KEY

{
  "method": "GET",
  "url": "https://api.evrythng.com/accessPolicies/:accessPolicyId",
  "headers": {
    "Authorization": "$OPERATOR_API_KEY"
  }
}

{
  "name": "FactoryAdministratorPolicy",
  "id": "UsSNYMPhapktcaaabfahfpdp",
  "permissions": [
    "actions:create",
    "places:list,read,update",
    "products:list,read",
    "purchaseOrders:list,read",
    "thngs:read"
  ],
  "uiPermissions": [],
  "tags": [],
  "identifiers": {},
  "customFields": {}
}

Read all access policies

Read all access policies in an account

[
  {
    "method": "GET",
    "url": "/accessPolicies",
    "headers": {
      "Authorization": "$OPERATOR_API_KEY"
    }
  },
  {
    "method": "GET",
    "url": "https://api.evrythng.com/accessPolicies",
    "headers": {
      "Authorization": "$OPERATOR_API_KEY"
    }
  }
]

[
  {
    "name": "FactoryAdministratorPolicy",
    "id": "UsSNYMPhapktcaaabfahfpdp",
    "description": "Description of FactoryAdministratorPolicy",
    "permissions": [
      "actions:create",
      "places:list,read,update",
      "products:list,read",
      "purchaseOrders:list,read",
      "thngs:read"
    ],
    "uiPermissions": [
      "activation",
      "adiOrders",
      "authenticate"
    ],
    "tags": [],
    "identifiers": {},
    "customFields": {}
  },
  {
    "name": "BrandOwnerPolicy",
    "id": "UsSNYMPhapktcaaabfahfpdp",
    "permissions": [
      "actions:create",
      "places:list,read,update",
      "products:list,read",
      "purchaseOrders:list,read",
      "thngs:read"
    ],
    "uiPermissions": [],
    "tags": [],
    "identifiers": {},
    "customFields": {}
  }
]

Update an access policy

Update an access policy resource.

PUT /accessPolicies/:accessPolicyId  
Content-Type: application/json  
Authorization: $OPERATOR_API_KEY

AccessPolicyDocument (partial)

curl -i \
  -H "Content-Type: application/json" \
  -H "Authorization: $OPERATOR_API_KEY" \
  -X PUT https://api.evrythng.com/accessPolicies/:accessPolicyId \
  -d '{
    "name": "FactoryAdministratorPolicy",
    "permissions": [
      "actions:create",
      "places:list,read,update",
      "products:list,read",
      "purchaseOrders:list,read",
      "thngs:read"
    ]
  }

Delete an access policy

Delete an access policy.

DELETE /accessPolicies/:accessPolicyId\nAuthorization: $OPERATOR_API_KEY

curl -i   -H Authorization:$OPERATOR_API_KEY  -X DELETE https://api.evrythng.com/accessPolicies/:accessPolicyId

Response

HTTP/1.1 204 No Content