Access Control

Access roles and privileges enable you to manage and specify the level of access that different users have within your application.

To effectively control user access, you must first create a set of Privileges and associate them with a Role. Then you can assign these roles to individual Tenant users and ensure that their privileges are evaluated for various actions within the application.

---

List Roles

List all roles configured for your app.

HTTP Request

GET https://api.thebridge.dev/account/role

Response HTTP 200

HTTP 200 — Array of Role model.

Request example

cURL ▼

Copy

curl --request GET 'https://api.thebridge.dev/account/role' \
--header 'x-api-key: YOUR_APP_API_KEY'

Response example:

[
    {
        "id": "650cd8510ccba777cc9623de",
        "name": "OWNER",
        "key": "OWNER",
        "privileges": [
            {
                "id": "650cd8510ccba777cc9623d4",
                "key": "AUTHENTICATED",
                "description": "Privilege for all authenticated users"
            }
        ],
        "isDefault": false
    }
]

▶ GET Try it out

GET https://api.thebridge.dev/account/role

x-api-key required Stored in session memory only. Never persisted.

Send Request Copy as cURL

---

Create a Role

HTTP Request

POST https://api.thebridge.dev/account/role

Body Parameters

Parameter	Type	Required	Description
name	string	Required	A presentable label for this role
key	string	Required	A unique key for this role
description	string	Optional	Optional description
privileges	string[]	Required	A list of privilege IDs. Cannot be empty
isDefault	boolean	Optional	If true, will be applied to new tenant users. Only one role can be default

Response HTTP 200

Returns the created Role model.

Request example

cURL ▼

Copy

curl --request POST 'https://api.thebridge.dev/account/role' \
--header 'x-api-key: YOUR_APP_API_KEY' \
--header 'Content-Type: application/json' \
--data-raw '{
  "name": "Admin",
  "key": "ADMIN",
  "description": "Admin with user read privileges",
  "privileges": ["650cd8510ccba777cc9623d4", "650cd8510ccba777cc9623d5"],
  "isDefault": false
}'

▶ POST Try it out

POST https://api.thebridge.dev/account/role

x-api-key required Stored in session memory only. Never persisted.

Request Body (JSON) { "name": "Admin", "key": "ADMIN", "description": "Admin with user read privileges", "privileges": ["PRIVILEGE_ID_1", "PRIVILEGE_ID_2"], "isDefault": false }

Send Request Copy as cURL

---

Update a Role

HTTP Request

PUT https://api.thebridge.dev/account/role/:ROLE_ID

Body Parameters

Parameter	Type	Required	Description
name	string	Optional	A presentable label for this role
key	string	Optional	A unique key. The OWNER key cannot be changed
description	string	Optional	Optional description
privileges	string[]	Optional	A list of privilege IDs
isDefault	boolean	Optional	Cannot change from true to false

Response HTTP 200

Returns the updated Role model.

▶ PUT Try it out

PUT https://api.thebridge.dev/account/role/:ROLE_ID

x-api-key required Stored in session memory only. Never persisted.

ROLE_ID URL parameter The ID of the role

Request Body (JSON) { "description": "Updated description" }

Send Request Copy as cURL

---

Delete a Role

Delete an existing role. Default roles and the OWNER role cannot be deleted. Deleting a role will not remove related privileges.

HTTP Request

DELETE https://api.thebridge.dev/account/role/:ROLE_ID

Response HTTP 200

▶ DELETE Try it out

DELETE https://api.thebridge.dev/account/role/:ROLE_ID

x-api-key required Stored in session memory only. Never persisted.

ROLE_ID URL parameter The ID of the role

Send Request Copy as cURL

---

List Privileges

HTTP Request

GET https://api.thebridge.dev/account/role/privilege

Response HTTP 200

HTTP 200 — Array of privilege objects.

Request example

cURL ▼

Copy

curl --request GET 'https://api.thebridge.dev/account/role/privilege' \
--header 'x-api-key: YOUR_APP_API_KEY'

Response example:

[
    { "id": "650cd8510ccba777cc9623d4", "key": "AUTHENTICATED", "description": "Privilege for all authenticated users" },
    { "id": "650cd8510ccba777cc9623d5", "key": "USER_READ" },
    { "id": "650cd8510ccba777cc9623d6", "key": "USER_WRITE" },
    { "id": "650cd8510ccba777cc9623d7", "key": "TENANT_READ" },
    { "id": "650cd8510ccba777cc9623d8", "key": "TENANT_WRITE" }
]

▶ GET Try it out

GET https://api.thebridge.dev/account/role/privilege

x-api-key required Stored in session memory only. Never persisted.

Send Request Copy as cURL

---

Create a Privilege

HTTP Request

POST https://api.thebridge.dev/account/role/privilege

Body Parameters

Parameter	Type	Required	Description
key	string	Required	A unique key for this privilege
description	string	Optional	Optional description

Response HTTP 200

HTTP 200 — Returns the created privilege object.

Response example:

{
    "id": "6516b9cb492d28b55cca8daf",
    "key": "SENSITIVE_DATA",
    "description": "Access to sensitive data"
}

▶ POST Try it out

POST https://api.thebridge.dev/account/role/privilege

x-api-key required Stored in session memory only. Never persisted.

Request Body (JSON) { "key": "SENSITIVE_DATA", "description": "Access to sensitive data" }

Send Request Copy as cURL

---

Update a Privilege

HTTP Request

PUT https://api.thebridge.dev/account/role/privilege/:PRIVILEGE_ID

Response HTTP 200

▶ PUT Try it out

PUT https://api.thebridge.dev/account/role/privilege/:PRIVILEGE_ID

x-api-key required Stored in session memory only. Never persisted.

PRIVILEGE_ID URL parameter The ID of the privilege

Request Body (JSON) { "description": "Updated description" }

Send Request Copy as cURL

---

Delete a Privilege

HTTP Request

DELETE https://api.thebridge.dev/account/role/privilege/:PRIVILEGE_ID

Response HTTP 200

▶ DELETE Try it out

DELETE https://api.thebridge.dev/account/role/privilege/:PRIVILEGE_ID

x-api-key required Stored in session memory only. Never persisted.

PRIVILEGE_ID URL parameter The ID of the privilege

Send Request Copy as cURL