API Reference / Identities REST

Actions

Allows an identity to operate in behalf of an other from the same client id

POST/identities/{id}/permissions

Add Permissions over another identity

Headers

Authorizationstringrequired

Bearer access token returned by the authentication endpoint.

x-api-keystringrequired

The API key used for authentication when making requests to the API Gateway.

conomyhq-api-versionstring

API version selector for Conomy endpoints. Use 24-04-2025 for the current version.

User-Agentstringrequired

Identifies the application making the request.

Path parameters

idstringrequired

Unique identifier for the identity that is receiving permissions

Request body

bodyobject[]

resourcestringrequired

Kind of resource we are giving access to (e.g., IDENTITY)

referencestringrequired

Reference which identificates the resource

permissionsstring[]required

Permissions allowed to perform on behalf of the resource

Responses

201Resource created successfully.

400Invalid request parameters or payload.

errorobjectshow 2 properties

messagestringnullable

Human-readable message. May be null.

500Unexpected internal server error.

errorobjectshow 2 properties

messagestringnullable

Human-readable message. May be null.

Request

HTTPcurlTypeScriptPythonGoRust

POST /sandbox/identities/{id}/permissions HTTP/1.1
Host: api.conomyhq.com
Authorization: Bearer {ACCESS_TOKEN}
x-api-key: {YOUR_API_KEY}
conomyhq-api-version: 24-04-2025
User-Agent: MyApp/1.0
Content-Type: application/json

[
  {
    "resource": "IDENTITY",
    "reference": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
    "permissions": [
      "admin"
    ]
  }
]

curl -X POST \
  'https://api.conomyhq.com/sandbox/identities/{id}/permissions' \
  -H 'Authorization: Bearer {ACCESS_TOKEN}' \
  -H 'x-api-key: {YOUR_API_KEY}' \
  -H 'conomyhq-api-version: 24-04-2025' \
  -H 'User-Agent: MyApp/1.0' \
  -H 'Content-Type: application/json' \
  -d '[
    {
      "resource": "IDENTITY",
      "reference": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
      "permissions": [
        "admin"
      ]
    }
  ]'

const response = await fetch('https://api.conomyhq.com/sandbox/identities/{id}/permissions', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer {ACCESS_TOKEN}',
    'x-api-key': '{YOUR_API_KEY}',
    'conomyhq-api-version': '24-04-2025',
    'User-Agent': 'MyApp/1.0',
    'Content-Type': 'application/json',
  },
  body: JSON.stringify([
    {
      "resource": "IDENTITY",
      "reference": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
      "permissions": [
        "admin"
      ]
    }
  ]),
});

const data = await response.json();

import requests

payload = [
    {
        "resource": "IDENTITY",
        "reference": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
        "permissions": [
            "admin"
        ]
    }
]

response = requests.post(
    'https://api.conomyhq.com/sandbox/identities/{id}/permissions',
    headers={
    'Authorization': 'Bearer {ACCESS_TOKEN}',
    'x-api-key': '{YOUR_API_KEY}',
    'conomyhq-api-version': '24-04-2025',
    'User-Agent': 'MyApp/1.0',
    'Content-Type': 'application/json',
    },
    json=payload
)

data = response.json()

package main

import (
	"encoding/json"
	"net/http"
	"bytes"
)

func main() {
	payload, _ := json.Marshal(	[
	  {
	    "resource": "IDENTITY",
	    "reference": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
	    "permissions": [
	      "admin"
	    ]
	  }
	])
	body := bytes.NewBuffer(payload)
	req, _ := http.NewRequest("POST", "https://api.conomyhq.com/sandbox/identities/{id}/permissions", body)
	req.Header.Set("Authorization", "Bearer {ACCESS_TOKEN}")
	req.Header.Set("x-api-key", "{YOUR_API_KEY}")
	req.Header.Set("conomyhq-api-version", "24-04-2025")
	req.Header.Set("User-Agent", "MyApp/1.0")
	req.Header.Set("Content-Type", "application/json")

	client := &http.Client{}
	resp, _ := client.Do(req)
	defer resp.Body.Close()

	var data map[string]any
	json.NewDecoder(resp.Body).Decode(&data)
}

use reqwest::Client;
use serde_json::json;

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    let client = Client::new();
    let resp = client
        .post("https://api.conomyhq.com/sandbox/identities/{id}/permissions")
        .header("Authorization", "Bearer {ACCESS_TOKEN}")
        .header("x-api-key", "{YOUR_API_KEY}")
        .header("conomyhq-api-version", "24-04-2025")
        .header("User-Agent", "MyApp/1.0")
        .header("Content-Type", "application/json")
        .json(&json!([
        {
                "resource": "IDENTITY",
                "reference": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
                "permissions": [
                        "admin"
                ]
        }
]))
        .send()
        .await?;

    let data: serde_json::Value = resp.json().await?;
    Ok(())
}

Response

201 400 401 403 404 422 500

{}

{
  "error": {
    "type": "bad_request",
    "info": null
  },
  "message": null
}

{
  "error": {
    "type": "unauthorized",
    "info": null
  },
  "message": null
}

{
  "error": {
    "type": "forbidden",
    "info": null
  },
  "message": null
}

{
  "error": {
    "type": "not_found",
    "info": null
  },
  "message": null
}

{
  "error": {
    "type": "validation_error",
    "info": {
      "field": "string",
      "message": "string"
    }
  },
  "message": null
}

{
  "error": {
    "type": "internal_error",
    "info": null
  },
  "message": null
}