
GET /auth/me/access — canonical effective access

Single canonical endpoint for resolving effective access (modules, permissions, delegation) for the authenticated user in the active company.

Frontend bootstrap mode: send Authorization (bearer token) and x-org. Do not send X-Internal-API-Key from browsers.

Backend enforcement mode: the same headers plus X-Internal-API-Key matching AUTH_INTERNAL_API_KEY, so Auth can trust the calling service.

Do not use query parameters for company selection; company context must be supplied via the x-org header.
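As an added example (not the project's own code), the following Python function performs the server-side pre-check implied by the two modes above: it rejects query-parameter company selection, requires a UUID in x-org and a bearer token, and compares a presented X-Internal-API-Key against AUTH_INTERNAL_API_KEY in constant time. The function and outcome names, the rejected query-parameter names, and the mapping of an internal-key mismatch to the forbidden response are assumptions.

```python
import hmac
import uuid

# Header names come from the endpoint description; the names below are assumed.
ORG_HEADER = "x-org"
INTERNAL_KEY_HEADER = "x-internal-api-key"
REJECTED_QUERY_PARAMS = ("company", "companyId")  # assumed parameter names


def _error(code, message):
    # Error envelope shape from the page: success + error{code, message}.
    return {"success": False, "error": {"code": code, "message": message}}


def resolve_request_context(headers, query, internal_api_key=None):
    """Pre-check a GET /auth/me/access request before access resolution.

    headers: dict of lowercased header name -> value.
    query: dict of query parameters.
    internal_api_key: AUTH_INTERNAL_API_KEY for this Auth deployment, or None.
    Returns (outcome, payload): outcome "ok" with a context dict, or one of
    "bad_request" / "unauthorized" / "forbidden" (assumed labels for the
    page's error responses) with the error envelope.
    """
    # Company selection via query parameters is not supported; only x-org is.
    if any(p in query for p in REJECTED_QUERY_PARAMS):
        return "bad_request", _error(
            "validation_error", "select the company with the x-org header")
    try:
        company_id = str(uuid.UUID(headers.get(ORG_HEADER, "").strip()))
    except ValueError:
        return "bad_request", _error("validation_error", "missing or invalid x-org")
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return "unauthorized", _error("validation_error", "missing bearer token")
    mode = "frontend"
    presented = headers.get(INTERNAL_KEY_HEADER)
    if presented is not None:
        # Backend enforcement mode: constant-time compare against the configured
        # key so a timing side channel cannot leak it; an unconfigured key
        # never matches.
        if not internal_api_key or not hmac.compare_digest(
                presented.encode(), internal_api_key.encode()):
            return "forbidden", _error("validation_error", "internal API key rejected")
        mode = "backend"
    # Token validity/revocation and company membership are checked afterwards.
    return "ok", {"companyId": company_id, "token": token.strip(), "mode": mode}
```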

Responses

Success: Effective access resolved for the user in the company from x-org.

  object
    success (required): boolean
    data (required): object
      userId (required): string, format uuid
      companyId (required): string, format uuid
      tenantRole (required): string (example: ADMIN)
      modules (required): Array<string>
      permissions (required): Array<string>
      delegation (required): object
        canManageUsers: boolean
        canBuyAddons: boolean
        grantableModules: Array<string>
        grantablePermissions: Array<string>
      meta (required): object
        tokenVersion: integer
        accessVersion: integer
        entitlementVersion: integer
        generatedAt: string, format date-time

Error: Missing or invalid x-org, or invalid request context.

  object
    success: boolean
    error: object
      code: string (example: validation_error)
      message: string

Error: Missing, invalid, expired, or revoked bearer token.

  object
    success: boolean
    error: object
      code: string (example: validation_error)
      message: string

Error: No membership in the company from x-org, or access forbidden.

  object
    success: boolean
    error: object
      code: string (example: validation_error)
      message: string

Error: Auth cannot complete resolution (e.g. upstream Core unavailable or timeout).

  object
    success: boolean
    error: object
      code: string (example: validation_error)
      message: string