Get the privileges of an access token
This is for: System Administrator
When you perform a REST API operation call, you must ensure that the access token you use to authenticate your API call minimally grants you the privileges that are required to access the endpoint.
Otherwise, the call typically returns a 401 UNAUTHORIZED response.
Use the Get all organization privileges for the access token operation to retrieve the list of privileges granted to a specific access token (OAuth2 token, Coveo API key, or JWT search token) within the scope of a specific Coveo organization.
Request template:
POST https://platform.cloud.coveo.com/rest/organizations/<MyOrganizationId>/privileges/token?accessToken=<MyAccessTokenToValidate> HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Bearer <MyAccessToken>
Payload:
{}
In the request path:
- Replace <MyOrganizationId> with the ID of the target Coveo organization.
- Replace <MyAccessTokenToValidate> with the access token whose privileges you want to retrieve.
In the Authorization HTTP header:
- Replace <MyAccessToken> with a valid Coveo access token (API key or OAuth2 token). This access token doesn’t need to have any privileges in the target Coveo organization.
The body of a successful response (200 OK) contains the list of privileges granted by the token that corresponds to the accessToken you provide as a query string argument.
These privileges only apply within the target Coveo organization.
Valid owner, targetDomain, and type combinations
Each Coveo Platform REST API operation has its own set of minimum required privileges.
A privilege is represented by a valid combination of an owner value (USAGE_ANALYTICS, COVEO_ML, PLATFORM, or SEARCH_API) and a targetDomain value (such as REPORTS, SOURCE, or EXECUTE_QUERY).
Most privileges must also have a type value (CREATE, VIEW, or EDIT).
Some domains offer the Custom access level option. This lets you grant each API key, source, group, or extension its own access level.
Sample request
Getting the privileges of an access token:
POST https://platform.cloud.coveo.com/rest/organizations/mycoveocloudv2organizationg8tp8wu3/privileges/token?accessToken=xx590a182c-5045-4914-a00b-1f4099581b3e HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Bearer **********-****-****-****-************
Payload:
{}
Successful response - 200 OK:
[
  {
    "targetDomain": "EXECUTE_QUERY",
    "targetIds": [],
    "owner": "SEARCH_API",
    "global": false
  },
  {
    "type": "EDIT",
    "targetDomain": "ANALYTICS_DATA",
    "targetIds": [],
    "owner": "USAGE_ANALYTICS",
    "global": false
  }
]
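A least-privilege check built on the response above, as an added example that is not Coveo's own code: it builds the request from the template and compares the privileges a token grants with the set an integration needs, reporting what is missing and what is excess. The function names and the required set are hypothetical, the sample body is copied from the sample response on this page, and matching is exact (no type is assumed to imply another; targetIds and global are not interpreted).

```python
import json
from urllib.parse import quote, urlencode

PLATFORM = "https://platform.cloud.coveo.com"

# Constructed sample: the 200 OK body from the sample response on this page.
SAMPLE_RESPONSE = """[
  {"targetDomain": "EXECUTE_QUERY", "targetIds": [], "owner": "SEARCH_API", "global": false},
  {"type": "EDIT", "targetDomain": "ANALYTICS_DATA", "targetIds": [],
   "owner": "USAGE_ANALYTICS", "global": false}
]"""


def build_request(org_id, token_to_validate, caller_token):
    """Build (method, url, headers, body) for the privileges/token operation."""
    url = (f"{PLATFORM}/rest/organizations/{quote(org_id, safe='')}"
           f"/privileges/token?{urlencode({'accessToken': token_to_validate})}")
    headers = {
        "Accept": "application/json",
        "Content-Type": "application/json",
        "Authorization": f"Bearer {caller_token}",
    }
    return "POST", url, headers, b"{}"


def privilege_key(privilege):
    """Reduce a privilege object to (owner, targetDomain, type); type may be absent."""
    return (privilege["owner"], privilege["targetDomain"], privilege.get("type"))


def audit_token(granted, required):
    """Compare granted privileges with the set an integration actually needs.

    Matching is exact: no type is assumed to imply another, and targetIds and
    global are not interpreted.
    """
    have = {privilege_key(p) for p in granted}
    need = set(required)
    order = lambda key: tuple(part or "" for part in key)  # None sorts as ""
    return {"missing": sorted(need - have, key=order),
            "excess": sorted(have - need, key=order)}


if __name__ == "__main__":
    print(build_request("<MyOrganizationId>", "<MyAccessTokenToValidate>", "<MyAccessToken>")[1])
    # Hypothetical requirement: an integration that only needs to run queries.
    print(audit_token(json.loads(SAMPLE_RESPONSE), {("SEARCH_API", "EXECUTE_QUERY", None)}))
```

Because the token being validated travels in the query string, it can be recorded wherever request URLs are logged, so treat those logs as sensitive when running this kind of audit.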