Check access in a circle
Checks permissions granted to signers who signed the payload and JWT for a certain set of actions and records. If the circle doesn't exist, API will return 404 error.
Authorization
AuthorizationRequiredBearer <token>JWT signed by private key. The presence of this token is not mandatory. It becomes required through the configuration of authorization access rules that requires a token to grant access. Once sent, the token is validated for its format, signature and expiration, regardless of the presence of access rules.
In: header
Request Body
application/jsonRequiredAccess check payload
hashRequiredstringPattern:
"^[A-Fa-f0-9]{64}$"metaRequiredobjectdataRequiredobjectPath Parameters
idRequiredstring | stringThe unique identifier of the record - its luid or address.
Header Parameters
x-ledgerstring | stringThe unique identifier of ledger in context for multi tenant requests.
curl -X POST "http://localhost:3000/v2/circles/tran:12345@pbz.hr/access/\!check" \
-H "x-ledger: bog" \
-H "Content-Type: application/json" \
-d '{
"hash": "4969e3c012b66d88cec597bf337fc01eab8d651e6ed2d5c40236cc1f7d93435a",
"meta": {
"proofs": [
{
"method": "ed25519-v2",
"public": "WAweF9PHlboQoW0z8NqhZXFmzUTaV74NRFAd/aILprE=",
"digest": "4969e3c012b66d88cec597bf337fc01eab8d651e6ed2d5c40236cc1f7d93435a",
"result": "0G2gvSfBx6MwPT8ShBaiYx7zwa5Kqc4Cq3S3NXV1m5/ZPozoH/SUouuhi9sQU+f0yo0eX4ygH7PzE3PAdlxsCQ==",
"custom": {
"moment": "2019-01-01T00:00:00.000Z",
"type": "PERSON",
"reference": 3284759238475
}
}
]
},
"data": {
"action": "any",
"record": "any"
}
}'Access check response with resolved access rules
{
"hash": "4969e3c012b66d88cec597bf337fc01eab8d651e6ed2d5c40236cc1f7d93435a",
"meta": {
"proofs": [
{
"method": "ed25519-v2",
"public": "WAweF9PHlboQoW0z8NqhZXFmzUTaV74NRFAd/aILprE=",
"digest": "4969e3c012b66d88cec597bf337fc01eab8d651e6ed2d5c40236cc1f7d93435a",
"result": "0G2gvSfBx6MwPT8ShBaiYx7zwa5Kqc4Cq3S3NXV1m5/ZPozoH/SUouuhi9sQU+f0yo0eX4ygH7PzE3PAdlxsCQ==",
"custom": {
"moment": "2019-01-01T00:00:00.000Z",
"type": "PERSON",
"reference": 3284759238475
}
}
]
},
"data": [
{
"hash": "4969e3c012b66d88cec597bf337fc01eab8d651e6ed2d5c40236cc1f7d93435a",
"meta": {
"proofs": [
{
"method": "ed25519-v2",
"public": "WAweF9PHlboQoW0z8NqhZXFmzUTaV74NRFAd/aILprE=",
"digest": "4969e3c012b66d88cec597bf337fc01eab8d651e6ed2d5c40236cc1f7d93435a",
"result": "0G2gvSfBx6MwPT8ShBaiYx7zwa5Kqc4Cq3S3NXV1m5/ZPozoH/SUouuhi9sQU+f0yo0eX4ygH7PzE3PAdlxsCQ==",
"custom": {
"moment": "2019-01-01T00:00:00.000Z",
"type": "PERSON",
"reference": 3284759238475
}
}
]
},
"data": {
"signer": {
"format": "ed25519-raw",
"public": {
"$eq": "WAweF9PHlboQoW0z8NqhZXFmzUTaV74NRFAd/aILprE="
},
"custom": {
"type": "person",
"age": {
"$gte": 21
}
},
"handle": {
"$in": [
"admin"
]
}
},
"record": "any",
"action": "any",
"invoke": "wallet.canSpendAllChangedRouteTargets",
"bearer": {
"iss": "company.org",
"sub": "admin",
"aud": "ledger",
"hsh": true,
"$signer": {
"format": "ed25519-raw",
"public": {
"$eq": "WAweF9PHlboQoW0z8NqhZXFmzUTaV74NRFAd/aILprE="
},
"custom": {
"type": "person",
"age": {
"$gte": 21
}
},
"handle": {
"$in": [
"admin"
]
}
}
},
"filter": {
"schema": "bank"
},
"change": {
"schema": "p2p"
}
}
}
]
}