open-vault/website/source/api/system/capabilities-self.html.md

---
layout: "api"
page_title: "/sys/capabilities-self - HTTP API"
sidebar_current: "docs-http-system-capabilities-self"
description: |-
  The `/sys/capabilities-self` endpoint is used to fetch the capabilities of
  client token on a given path.
---

# `/sys/capabilities-self`

The `/sys/capabilities-self` endpoint is used to fetch the capabilities of a
the supplied token.  The capabilities returned will be derived from the
policies that are on the token, and from the policies to which token is
entitled to through the entity and entity's group memberships.

## Query Self Capabilities

This endpoint returns the capabilities of client token on the given path. The
client token is the Vault token with which this API call is made.

| Method   | Path                     | Produces               |
| :------- | :----------------------- | :--------------------- |
| `POST`   | `/sys/capabilities-self` | `200 application/json` |


### Parameters

- `path` `(string: <required>)` – Specifies the path on which the client token's
  capabilities will be checked.

### Sample Payload

```json
{
  "path": "secret/foo"
}
```

### Sample Request

```
$ curl \
    --header "X-Vault-Token: ..." \
    --request POST \
    --data @payload.json \
    https://vault.rocks/v1/sys/capabilities-self
```

### Sample Response

```json
{
  "capabilities": ["read", "list"]
}
```
-												Redo docs for system backend

This commit updates the API documentation for the system backend to
break things apart on a per-page basis and provide specific examples.
This pattern will give more flexibility for future documentation as
well.

											
										
										
											2017-03-15 06:40:33 +00:00
+								---
-												/docs/http -> /api

											
										
										
											2017-03-17 18:06:03 +00:00
+								layout: "api"
-												Redo docs for system backend

This commit updates the API documentation for the system backend to
break things apart on a per-page basis and provide specific examples.
This pattern will give more flexibility for future documentation as
well.

											
										
										
											2017-03-15 06:40:33 +00:00
+								page_title: "/sys/capabilities-self - HTTP API"
 								sidebar_current: "docs-http-system-capabilities-self"
 								description: |-
 								  The `/sys/capabilities-self` endpoint is used to fetch the capabilities of
 								  client token on a given path.
 								---
 								# `/sys/capabilities-self`
-												Capabilities responds considering policies on entities and groups (#3522)

* Capabilities endpoint will now return considering policies on entities and groups

* refactor the policy derivation into a separate function

* Docs: Update docs to reflect the change in capabilities endpoint

											
										
										
											2017-11-03 15:20:10 +00:00
+								The `/sys/capabilities-self` endpoint is used to fetch the capabilities of a
 								the supplied token.  The capabilities returned will be derived from the
 								policies that are on the token, and from the policies to which token is
 								entitled to through the entity and entity's group memberships.
-												Redo docs for system backend

This commit updates the API documentation for the system backend to
break things apart on a per-page basis and provide specific examples.
This pattern will give more flexibility for future documentation as
well.

											
										
										
											2017-03-15 06:40:33 +00:00
 								## Query Self Capabilities
 								This endpoint returns the capabilities of client token on the given path. The
 								client token is the Vault token with which this API call is made.
 								| Method   | Path                     | Produces               |
 								| :------- | :----------------------- | :--------------------- |
 								| `POST`   | `/sys/capabilities-self` | `200 application/json` |
 								### Parameters
 								- `path` `(string: <required>)` – Specifies the path on which the client token's
 								  capabilities will be checked.
 								### Sample Payload
 								```json
 								{
 								  "path": "secret/foo"
 								}
 								```
 								### Sample Request
 								```
 								$ curl \
 								    --header "X-Vault-Token: ..." \
 								    --request POST \
-												Docs typo fixes (#2830)

* Fix passing payload.json file to curl

* Correct API endpoint

											
										
										
											2017-06-07 14:02:58 +00:00
+								    --data @payload.json \
-												Redo docs for system backend

This commit updates the API documentation for the system backend to
break things apart on a per-page basis and provide specific examples.
This pattern will give more flexibility for future documentation as
well.

											
										
										
											2017-03-15 06:40:33 +00:00
+								    https://vault.rocks/v1/sys/capabilities-self
 								```
 								### Sample Response
 								```json
 								{
 								  "capabilities": ["read", "list"]
 								}
 								```