POST /auth/admin/api/permissions
Create a permission
Request body
AdminCreatePermissionDto
| Field | Type | Required | Description |
|---|---|---|---|
| name | string | required | Permission name (must be unique per guard). Example: users.create |
| guard | string | optional | Guard name (defaults to "web" if not provided). Example: web |
| description | string | optional | Optional description of what this permission allows. Example: Allows creating new user accounts |
| category | string | optional | Optional category to group permissions (e.g., "users", "posts", "admin"). Example: users |
Examples
{
  "name": "users.create",
  "guard": "web",
  "description": "Allows creating new user accounts",
  "category": "users"
}
Responses
201
400 Validation failed (bad input).
ApiErrorResponseDto
| Field | Type | Required | Description |
|---|---|---|---|
| statusCode | number | required | HTTP status code. Example: 401 |
| error | string | required | HTTP status text / exception name. Example: Unauthorized |
| message | string | required | Human-readable message. Example: Invalid credentials |
| code | string | required | Stable, machine-readable error code; branch on this, not the message. Example: INVALID_CREDENTIALS |
Example response
{
  "statusCode": 401,
  "error": "Unauthorized",
  "message": "Invalid credentials",
  "code": "INVALID_CREDENTIALS"
}
401 Admin session missing or invalid.
ApiErrorResponseDto
| Field | Type | Required | Description |
|---|---|---|---|
| statusCode | number | required | HTTP status code. Example: 401 |
| error | string | required | HTTP status text / exception name. Example: Unauthorized |
| message | string | required | Human-readable message. Example: Invalid credentials |
| code | string | required | Stable, machine-readable error code; branch on this, not the message. Example: INVALID_CREDENTIALS |
Example response
{
  "statusCode": 401,
  "error": "Unauthorized",
  "message": "Invalid credentials",
  "code": "INVALID_CREDENTIALS"
}
403 Authenticated but not permitted.
ApiErrorResponseDto
| Field | Type | Required | Description |
|---|---|---|---|
| statusCode | number | required | HTTP status code. Example: 401 |
| error | string | required | HTTP status text / exception name. Example: Unauthorized |
| message | string | required | Human-readable message. Example: Invalid credentials |
| code | string | required | Stable, machine-readable error code; branch on this, not the message. Example: INVALID_CREDENTIALS |
Example response
{
  "statusCode": 401,
  "error": "Unauthorized",
  "message": "Invalid credentials",
  "code": "INVALID_CREDENTIALS"
}
404 Permission not found.
ApiErrorResponseDto
| Field | Type | Required | Description |
|---|---|---|---|
| statusCode | number | required | HTTP status code. Example: 401 |
| error | string | required | HTTP status text / exception name. Example: Unauthorized |
| message | string | required | Human-readable message. Example: Invalid credentials |
| code | string | required | Stable, machine-readable error code; branch on this, not the message. Example: INVALID_CREDENTIALS |
Example response
{
  "statusCode": 401,
  "error": "Unauthorized",
  "message": "Invalid credentials",
  "code": "INVALID_CREDENTIALS"
}
Try it
curl -X POST 'https://api.example.com/auth/admin/api/permissions' \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer YOUR_ACCESS_TOKEN' \
-d '{"name":"users.create","guard":"web","description":"Allows creating new user accounts","category":"users"}'
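Client-side handling of this endpoint, as an added example that is not part of the API's own code: it builds an AdminCreatePermissionDto body, validates an ApiErrorResponseDto, and branches on `code` before falling back to the documented status meanings. The function names and returned action strings are hypothetical, and rejecting an empty `name` is an assumption beyond "required".

```python
import json

# The four required ApiErrorResponseDto fields and their documented types.
ERROR_FIELDS = {"statusCode": int, "error": str, "message": str, "code": str}

# Documented meaning of each error status for this endpoint.
STATUS_ACTIONS = {
    400: "fix_input",           # Validation failed (bad input)
    401: "reauthenticate",      # Admin session missing or invalid
    403: "stop_not_permitted",  # Authenticated but not permitted: do not retry
    404: "not_found",           # Permission not found
}


def build_permission_body(name, guard=None, description=None, category=None):
    """Build the request body; only `name` is required by the DTO."""
    if not isinstance(name, str) or not name.strip():
        raise ValueError("name is required (non-empty check is an assumption)")
    body = {"name": name}
    optional = {"guard": guard, "description": description, "category": category}
    for key, value in optional.items():
        if value is None:
            continue  # omitted guard lets the server apply its "web" default
        if not isinstance(value, str):
            raise ValueError(f"{key} must be a string")
        body[key] = value
    return body


def parse_api_error(raw_body):
    """Parse an error body, rejecting anything that is not a full DTO."""
    data = json.loads(raw_body)
    if not isinstance(data, dict):
        raise ValueError("error body is not a JSON object")
    for field, expected in ERROR_FIELDS.items():
        if type(data.get(field)) is not expected:
            raise ValueError(f"missing or mistyped field: {field}")
    return data


def next_action(http_status, raw_body):
    """Pick the caller's next step (action names are hypothetical)."""
    if http_status == 201:
        return "created"
    err = parse_api_error(raw_body)
    if err["code"] == "INVALID_CREDENTIALS":  # branch on code, never message
        return "reauthenticate"
    # Codes this page does not list: use the status meaning, else fail closed.
    return STATUS_ACTIONS.get(http_status, "fail_closed")
```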