Get the Privileges of an Access Token

Get the Privileges of an Access Token

When you perform a REST API operation call, you must ensure that the access token you use to authenticate your API call minimally grants you the privileges which are required to access the endpoint (see Manage Privileges and Privilege Reference). Otherwise, the call typically returns a 401 UNAUTHORIZED response.

Use the Get all organization privileges for the access token operation to retrieve the list of privileges which are granted to a certain access token (OAuth2 token, Coveo API key, or JWT search token) in the scope of a specific Coveo organization.

POST https://platform.cloud.coveo.com/rest/organizations/<MyOrganizationId>/privileges/token?accessToken=<MyAccessTokenToValidate> HTTP/1.1
 
Accept: application/json
Content-Type: application-json
Authorization: Bearer <MyAccessToken>

{}

In the request path:

• Replace <MyorganizationId> with the actual ID of the target Coveo organization (see Retrieve the Organization ID).
• Replace <MyAccessTokenToValidate> with the access token whose privileges you want to retrieve.

In the Authorization HTTP header:

• Replace <MyAccessToken> with a valid Coveo access token (API key or OAuth2 token). This access token doesn’t need to have any privileges in the target Coveo organization, if not already done.

The body of a successful response (200 OK) contains the list of privileges granted by the token that corresponds to the accessToken you provide as a query string argument (see Valid Privilege owner, targetDomain, and type Combinations). Those privileges only apply within the confines of the target Coveo organization.

Sample Request

POST https://platform.cloud.coveo.com/rest/organizations/mycoveocloudv2organizationg8tp8wu3/privileges/token?accessToken=xx590a182c-5045-4914-a00b-1f4099581b3e HTTP/1.1
 
Accept: application/json
Content-Type: application-json
Authorization: Bearer **********-****-****-****-************

{}

[
  {
    "targetDomain": "EXECUTE_QUERY",
    "targetIds": [],
    "owner": "SEARCH_API",
    "global": false
  },
  {
    "type": "EDIT",
    "targetDomain": "ANALYTICS_DATA",
    "targetIds": [],
    "owner": "USAGE_ANALYTICS",
    "global": false
  }
]

Is this article useful?

You can close this window or leave a comment below.

Very useful Not really

Can you tell us more about your experience today?

Comments (optional)

Leave your email address if you'd like us to get back to you.

Email (optional)

Please provide a valid email address.

The Coveo Privacy Policy applies.

Need help? Ask the Community.

Submit

Is this article useful?

You can close this window or leave a comment below.

Very useful Not really

Can you tell us more about your experience today?

Comments (optional)

Leave your email address if you'd like us to get back to you.

Email (optional)

Please provide a valid email address.

The Coveo Privacy Policy applies.

Need help? Ask the Community.

Submit