Skip to main content
Let’s look at an example app for allowing your users to manage domains. As part of the API, your users will be able to perform CRUD operations against domains or individual dns records.
1

Creating permissions

Users of our app can have the following permissions:
  • domain.delete_domain
  • domain.dns.create_record
  • domain.dns.read_record
  • domain.dns.update_record
  • domain.dns.delete_record
  • domain.create_domain
  • domain.read_domain
  • domain.update_domain
Sign into your dashboard.
  • For Roles, navigate to the Authorization/Roles. Default when navigating to Authorization.
  • For Permissions, navigate to the Authorization/Permissions.
Create them in your Authorization/Permissions page. Use the button in the upper right. + Create new permission
Example permissions
2

Creating roles

We define the following roles:
  • admin: An admin can do everything.
  • dns.manager: Can create, read, update and delete dns records but not access the domain itself.
  • read-only: Can read domain or dns record information.
Create them in your Authorization/Roles page. Use the button in the upper right. + Create new role
Example roles
3

Connecting

For each role, we need to connect the permissions it should have.
Admin roles
4

Connect a key

Now that we have permissions and roles in place, we can connect them to keys.
  1. In the sidebar, click on one of your APIs
  2. Next click on keys in the expanded API you selected.
    Breadcrumb Navigation
  3. On the key you want to use, click on the action menu (...) at the end of that table row.
  4. Select Manage roles and permissions..
Unconnected roles and permissions
  1. You can connect a role to your key by using the Assign role input. Let’s give this key the dns.manager and read-only roles.
Unconnected roles and permissions
As you can see, the key now contains 2 roles and 5 permissions shown just above the Roles section:
5

Verifying Permissions

Now you can verify this key and perform permission checks. Read more