Skip to main content
GET
Get current identity and permissions

Authorizations

Authorization
string
header
required

Can be either an Organization API Key or Personal Access Token (PAT).

Include in the Authorization header as: Bearer YOUR_TOKEN

Query Parameters

modelId
string

Optional model filter. A single model ID or a comma-separated list.

When provided, rolesByModel in the response will contain only these models. When omitted, models the caller can access are returned up to a limit; see rolesByModelTruncated.

Example:

"550e8400-e29b-41d4-a716-446655440000"

Response

Caller's identity, key scope, org role, and per-model permissions

keyScope
enum<string>
required

Scope of the API key in use.

  • user - Personal Access Token. This is a user-scoped key (PAT/OAuth) that acts as a single user and cannot use SCIM, regardless of the user's organization role.
  • organization - Organization API key
Available options:
user,
organization
orgRole
enum<string>
required

The caller's organization role.

Available options:
MEMBER,
ORG_ADMIN
Example:

"MEMBER"

rolesByModel
object
required

Resolved role and effective permissions per model, keyed by model ID. Connection role resolves per shared model, so this is per-model rather than a single global role.

user
object
required
rolesByModelTruncated
boolean

Present and true when rolesByModel was truncated because the caller can access more models than the unfiltered limit. Pass a modelId filter to retrieve specific models.