e4e4a7ba67
* Capabilities endpoint will now return considering policies on entities and groups * refactor the policy derivation into a separate function * Docs: Update docs to reflect the change in capabilities endpoint
1.3 KiB
1.3 KiB
| layout | page_title | sidebar_current | description |
|---|---|---|---|
| api | /sys/capabilities - HTTP API | docs-http-system-capabilities/ | The `/sys/capabilities` endpoint is used to fetch the capabilities of a token on a given path. |
/sys/capabilities
The /sys/capabilities endpoint is used to fetch the capabilities of a token
on a given path. The capabilities returned will be derived from the policies
that are on the token, and from the policies to which token is entitled to
through the entity and entity's group memberships.
Query Token Capabilities
This endpoint returns the list of capabilities for a provided token.
| Method | Path | Produces |
|---|---|---|
POST |
/sys/capabilities |
200 application/json |
Parameters
-
path(string: <required>)– Specifies the path against which to check the token's capabilities. -
token(string: <required>)– Specifies the token for which to check capabilities.
Sample Payload
{
"path": "secret/foo",
"token": "abcd1234"
}
Sample Request
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/sys/capabilities
Sample Response
{
"capabilities": ["read", "list"]
}