Batch Check Access

curl --request POST \
  --url https://sync.useparagon.com/api/permissions/{syncId}/batch-check \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "checks": [
    {
      "object": "a657df3b-17e2-5989-bc5f-13ddb7fdab41",
      "user": "user:[email protected]",
      "role": "can_read"
    }
  ]
}
'

{
  "result": [
    {
      "allowed": true,
      "request": {
        "object": "a657df3b-17e2-5989-bc5f-13ddb7fdab41",
        "user": "user:[email protected]",
        "role": "can_read"
      },
      "error": "<string>"
    }
  ]
}

POST

api

permissions

{syncId}

batch-check

Batch Check Access

curl --request POST \
  --url https://sync.useparagon.com/api/permissions/{syncId}/batch-check \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "checks": [
    {
      "object": "a657df3b-17e2-5989-bc5f-13ddb7fdab41",
      "user": "user:[email protected]",
      "role": "can_read"
    }
  ]
}
'

{
  "result": [
    {
      "allowed": true,
      "request": {
        "object": "a657df3b-17e2-5989-bc5f-13ddb7fdab41",
        "user": "user:[email protected]",
        "role": "can_read"
      },
      "error": "<string>"
    }
  ]
}

Authorizations

Authorization

string

header

required

Paragon User Token. Add to the Authorization header of your requests.

Path Parameters

syncId

string

required

UUID of the Sync to query, returned from the Enable Sync endpoint.

Body

application/json

checks

object[]

required

A list of access checks to perform between users and Synced Objects.

Show child attributes

checks.object

string

required

UUID of the Synced Object, returned from the Pull Synced Records endpoint.

Example:

"a657df3b-17e2-5989-bc5f-13ddb7fdab41"

checks.user

string

required

The user identifier to check permissions for, prefixed with the type (note that this prefix is specific to Batch Check)

Example:

"user:[email protected]"

checks.role

enum<string>

required

The role to use for the access check.

Available options:

can_read,

can_write,

is_owner

Response

Batch access check result

result

object[]

required

Show child attributes

result.allowed

boolean

required

Returns true if the user has access to the Synced Object with the specified role.

result.request

object

required

The original request item that was checked

Show child attributes

result.request.object

string

required

UUID of the Synced Object, returned from the Pull Synced Records endpoint.

Example:

"a657df3b-17e2-5989-bc5f-13ddb7fdab41"

result.request.user

string

required

The user identifier to check permissions for, prefixed with the type (note that this prefix is specific to Batch Check)

Example:

"user:[email protected]"

result.request.role

enum<string>

required

The role to use for the access check.

Available options:

can_read,

can_write,

is_owner

result.error

string

Error message if the check failed

Check Access List Users

⌘I

Managed Sync

Sync API

Permissions API

Integrations Reference

Batch Check Access

Authorizations

Path Parameters

Body

Response