Get the privileges you can assign to an API key

This is for:

In this article

Valid owner, targetDomain, and type combinations
Sample request

A Coveo API key is granted a set of privileges that are only valid within a specific Coveo organization.

You can use the Get all possible privileges for API keys in the selected organization call to retrieve the list of values that are assignable to the privileges parameter when you create an API key.

Request template:

GET https://platform.cloud.coveo.com/rest/organizations/<MyOrganizationId>/privileges/apikeys HTTP/1.1

Accept: application/json
Authorization: Bearer <MyAccessToken>

In the request path:

Replace <MyOrganizationId> with the ID of the target Coveo organization.

In the Authorization HTTP header:

Replace MyAccessToken with an access token (API key or OAuth2 token) that grants you the privilege to view API keys in the target organization.

Note

You can’t authenticate this call using an API key because an API key can’t have the privilege to edit or view other API keys.

The body of a successful response contains the list of all privileges that are individually assignable to any API key in the Coveo organization matching the organizationId you provide as a path argument.

Note

The most important properties of an API key privilege are its targetDomain, owner, and type. You don’t need to specify the targetIds and global properties of the privileges you include in the privileges parameter when creating an API key.

Valid owner, targetDomain, and type combinations

Each Coveo Platform REST API operation has its own set of minimum required privileges.

A privilege is represented by a valid combination of an owner value (USAGE_ANALYTICS, COVEO_ML, PLATFORM, or SEARCH_API) and a targetDomain value (such as REPORTS, SOURCE, or EXECUTE_QUERY). Most privileges must also have a type value (CREATE, VIEW, or EDIT).

Some domains offer the Custom access level option. This lets you grant each API key, source, group, or extension its own access level.

Sample request

Getting the privileges assignable to an API key in a specific Coveo organization:

GET https://platform.cloud.coveo.com/rest/organizations/mycoveocloudv2organizationg8tp8wu3/privileges/apikeys HTTP/1.1

Accept: application/json
Authorization: Bearer **********-****-****-****-************

Successful response - 200 OK:

[
  {
    "targetDomain": "AUTHENTICATION_EDITOR",
    "targetIds": [],
    "owner": "SEARCH_API",
    "global": false
  },
  {
    "type": "EDIT",
    "targetDomain": "ON_PREMISE_ADMINISTRATION",
    "targetIds": [],
    "owner": "PLATFORM",
    "global": false
  },
  ...
]