Permissions and Access Scope

Why viewerAccess Matters

viewerAccess is the source of truth for what the current key can access.

Run it first to avoid calling unsupported site IDs or endpoint groups.

viewerAccess Response Fields

• accountId: account linked to the key
• allowedSites: site IDs this key can query
• allowedEndpoints: endpoint/query scope granted to this key
• siteScope: high-level scope policy label

Access Strategy for Clients

1. Query viewerAccess on app bootstrap.
2. Query sites and intersect with allowedSites.
3. Hide UI for endpoints not present in allowedEndpoints.
4. Add graceful fallback messages instead of hard failures.

Multi-Site Best Practice

• Store selected site ID only after validating membership in allowedSites.
• Re-check access on session refresh or key rotation.
• Treat empty result sets differently from permission-denied behavior.

Related Docs

• Authentication and Endpoint
• Query Recipes