Amarsia
Features

Permissions

Role-based access control and workspace membership in Amarsia.

Overview

Amarsia uses role-based access control (RBAC) scoped to the workspace. Every API key and user is assigned one or more roles that determine what operations they can perform.

Built-in roles

RoleDescription
ownerFull access to all resources and settings
adminFull access except billing and ownership transfer
developerRead/write access to all resources; no access to settings
viewerRead-only access to all resources

Scopes

API keys can be further restricted using scopes — fine-grained permissions on top of the base role.

resources:read       Read any resource
resources:write      Create and update resources
events:read          Read events
webhooks:manage      Create, update, and delete webhooks

When creating an API key, select only the scopes your integration actually needs.

Checking permissions

If a request is denied due to insufficient permissions, the API returns:

{
  "error": {
    "code": "forbidden",
    "message": "You do not have permission to perform this action."
  }
}

HTTP status: 403 Forbidden.

Authentication

How to authenticate API requests using API keys and session tokens.

Webhooks

Receive real-time event notifications via HTTP POST to your endpoint.

On this page

OverviewBuilt-in rolesScopesChecking permissionsRelated