---
title: Get the privileges you can assign to an API key
slug: '60'
canonical_url: https://docs.coveo.com/en/60/
collection: manage-an-organization
source_format: adoc
---

# Get the privileges you can assign to an API key

A Coveo API key is [granted a set of privileges](https://docs.coveo.com/en/3151/) that are only valid within a specific [Coveo organization](https://docs.coveo.com/en/185/).

You can use the [Get all possible privileges for API keys in the selected organization](https://platform.cloud.coveo.com/docs?urls.primaryName=AuthorizationServer#/Organization%20Privileges/rest_organizations_paramId_privileges_apikeys_get) call to retrieve the list of values that are assignable to the [`privileges`](https://docs.coveo.com/en/228/) parameter when you [create an API key](https://docs.coveo.com/en/1718#create-an-api-key).

**Request template:**

```http
GET https://platform.cloud.coveo.com/rest/organizations//privileges/apikeys HTTP/1.1
Accept: application/json
Authorization: Bearer
```

In the request path:

* Replace `` with the [ID of the target Coveo organization](https://docs.coveo.com/en/148/).

In the `Authorization` HTTP header:

* Replace `MyAccessToken` with [an access token](https://docs.coveo.com/en/123/) (API key or OAuth2 token) that grants you the privilege to view API keys in the target organization.

> **Note**
>
> You can't authenticate this call using an API key because an API key can't have the privilege to edit or view other API keys.

The body of a successful response contains the list of all privileges that are individually assignable to any API key in the Coveo organization matching the `organizationId` you provide as a path argument.

> **Note**
>
> The most important properties of an API key privilege are its [`targetDomain`, `owner`, and `type`](#valid-owner-targetdomain-and-type-combinations).
> You don't need to specify the `targetIds` and `global` properties of the privileges you include in the `privileges` parameter when creating an API key.

## Valid owner, targetDomain, and type combinations

Each [Coveo Platform](https://docs.coveo.com/en/186/) REST API operation has its own set of minimum required [privileges](https://docs.coveo.com/en/228/).

A privilege is represented by a valid combination of an `owner` value (`USAGE_ANALYTICS`, `COVEO_ML`, `PLATFORM`, or `SEARCH_API`) and a `targetDomain` value (such as `REPORTS`, `SOURCE`, or `EXECUTE_QUERY`). Most privileges must also have a `type` value (`CREATE`, `VIEW`, or `EDIT`).

[Some domains](https://docs.coveo.com/en/1707/) offer the [Custom access level](https://docs.coveo.com/en/3151#custom-access-level) option. This lets you grant each API key, source, group, or extension its own access level.

## Sample request

**Getting the privileges assignable to an API key in a specific Coveo organization:**

```http
GET https://platform.cloud.coveo.com/rest/organizations/mycoveocloudv2organizationg8tp8wu3/privileges/apikeys HTTP/1.1
Accept: application/json
Authorization: Bearer **********-****-****-****-************
```

**Successful response - 200 OK:**

```json
[
  {
    "targetDomain": "AUTHENTICATION_EDITOR",
    "targetIds": [],
    "owner": "SEARCH_API",
    "global": false
  },
  {
    "type": "EDIT",
    "targetDomain": "ON_PREMISE_ADMINISTRATION",
    "targetIds": [],
    "owner": "PLATFORM",
    "global": false
  },
  ...
]
```
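
The following Python example is added here and is not part of the Coveo documentation: it builds the request from the template above and checks a planned privilege set against the response, so that only assignable `owner`/`targetDomain`/`type` combinations reach the `privileges` parameter. The function names and the requested privileges are assumptions; the sample data is constructed from the sample response shown above.

```python
import json
import urllib.request
from urllib.parse import quote

PLATFORM = "https://platform.cloud.coveo.com"

def build_request(organization_id, access_token):
    """Build (without sending) the GET request from the request template."""
    # Percent-encode the ID so it cannot alter the request path.
    org = quote(organization_id, safe="")
    return urllib.request.Request(
        f"{PLATFORM}/rest/organizations/{org}/privileges/apikeys",
        headers={"Accept": "application/json",
                 "Authorization": f"Bearer {access_token}"})

def privilege_key(priv):
    # owner + targetDomain identify a privilege; type is absent on some.
    return (priv["owner"], priv["targetDomain"], priv.get("type"))

def check_requested(assignable, requested):
    """Return (payload, rejected) for a planned API key."""
    allowed = {privilege_key(p) for p in assignable}
    payload, rejected = [], []
    for p in requested:
        if privilege_key(p) not in allowed:
            rejected.append(p)
            continue
        # targetIds and global are left out, as the page says they can be.
        entry = {"owner": p["owner"], "targetDomain": p["targetDomain"]}
        if "type" in p:
            entry["type"] = p["type"]
        payload.append(entry)
    return payload, rejected

# Constructed sample: the two entries from the sample response above.
ASSIGNABLE = json.loads("""[
  {"targetDomain": "AUTHENTICATION_EDITOR", "targetIds": [],
   "owner": "SEARCH_API", "global": false},
  {"type": "EDIT", "targetDomain": "ON_PREMISE_ADMINISTRATION",
   "targetIds": [], "owner": "PLATFORM", "global": false}
]""")
# Constructed request: the second entry is not in ASSIGNABLE.
REQUESTED = [
    {"owner": "SEARCH_API", "targetDomain": "AUTHENTICATION_EDITOR"},
    {"owner": "PLATFORM", "targetDomain": "SOURCE", "type": "EDIT"},
]

if __name__ == "__main__":
    payload, rejected = check_requested(ASSIGNABLE, REQUESTED)
    print("payload:", json.dumps(payload))
    print("not assignable:", json.dumps(rejected))
```

Anything returned in `rejected` is a privilege the organization does not list as assignable to API keys and should be reviewed before the key is created.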