Skip to main content
POST
/
permissions
/
{permissionId}
/
assignments
Assign Permission
curl --request POST \
  --url https://api.dfns.io/permissions/{permissionId}/assignments \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --header 'X-DFNS-USERACTION: <api-key>' \
  --data '
{
  "identityId": "<string>"
}
'
{
  "id": "as-1vcmc-qrek0-6b4vii9pln60907e",
  "permissionId": "pm-37vj4-jkr4l-lc9945spfftkne57",
  "identityId": "<string>",
  "isImmutable": true,
  "dateCreated": "2023-04-14T20:41:28.715Z",
  "dateUpdated": "2023-04-14T20:41:28.715Z"
}

Authentication

✅ Organization User (CustomerEmployee)
✅ Delegated User (EndUser)
✅ Service Account

Required Permissions

Permissions:Assign: Always required.

Authorizations

Authorization
string
header
required

Bearer Token: Used to authenticate API requests. More details how to generate the token: Authentication flows

X-DFNS-USERACTION
string
header
required

User Action Signature: Used to sign the change-inducing API requests. More details how to generate the token: User Action Signing flows

Path Parameters

permissionId
string
required

ID of the permission (also referred to as "role" in the dashboard).

Required string length: 1 - 64

Body

application/json
identityId
string
required

ID of the identity to assign the permission to. Can be a user ID, a service account ID, or a personal access token (PAT) ID.

Minimum string length: 1

Response

200 - application/json

Success

id
string
required

ID of the permission assignment.

Required string length: 1 - 64
Pattern: ^as-[a-z0-9]{5}-[a-z0-9]{5}-[a-z0-9]{14,16}$
Example:

"as-1vcmc-qrek0-6b4vii9pln60907e"

permissionId
string
required

ID of the permission (also referred to as "role" in the dashboard).

Required string length: 1 - 64
Pattern: ^pm-[a-z0-9]{5}-[a-z0-9]{5}-[a-z0-9]{14,16}$
Example:

"pm-37vj4-jkr4l-lc9945spfftkne57"

identityId
string
required

ID of the identity the permission is assigned to. Can be a user ID, a service account ID, or a personal access token (PAT) ID.

isImmutable
boolean
required

Whether this assignment is system-managed and cannot be modified.

dateCreated
string<date-time>
required

ISO 8601 date (must be UTC). Date the assignment was created.

Example:

"2023-04-14T20:41:28.715Z"

dateUpdated
string<date-time>
required

ISO 8601 date (must be UTC). Date the assignment was last updated.

Example:

"2023-04-14T20:41:28.715Z"

Last modified on April 2, 2026