Permissions
Understanding permissions is essential for successful API integration with Thought Industries.
Permission Levels
Admin Permissions
Full access to all API endpoints and operations.
Capabilities:
- Create, read, update, and delete courses
- Manage user enrollments
- Access analytics and reporting
- Configure platform settings
Content Creator Permissions
Permissions focused on content management.
Capabilities:
- Create and edit courses
- Upload media assets
- Manage course settings
- View course analytics
Limited/Read-Only Permissions
Restricted access for specific use cases.
Capabilities:
- Read course information
- View enrollment data
- Access public content
- Limited reporting access
Scoping API Keys
When creating API keys, you can scope them to specific operations:
- courses:read - View course information
- courses:write - Create and update courses
- courses:delete - Delete courses
- users:read - View user data
- users:write - Create and update users
- enrollments:read - View enrollment data
- enrollments:write - Create and manage enrollments
Permission Requirements by Endpoint
Course Creation
Required Permissions:
- courses:write
- content:upload (if uploading media)
Bulk Operations
Required Permissions:
- courses:write
- bulk:operations
User Management
Required Permissions:
- users:write
- users:read
Best Practices
Principle of Least Privilege
Always grant the minimum permissions necessary:
{
  "key_name": "Course Sync Integration",
  "permissions": [
    "courses:read",
    "courses:write"
  ],
  "description": "Integration for syncing courses from external LMS"
}
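
As an added example (not Thought Industries' code), the check below audits a key definition like the one above against the scopes listed under Permission Requirements by Endpoint, reporting scopes that are missing and scopes granted beyond the minimum. The operation labels, the `audit_key` helper, the `course_read` mapping and the over-scoped key are assumptions constructed for illustration.

```python
import json

# Required scopes per operation, from "Permission Requirements by Endpoint".
# The operation labels are hypothetical names chosen for this example.
REQUIRED = {
    "course_creation": {"courses:write"},
    "course_creation_with_media": {"courses:write", "content:upload"},
    "bulk_operations": {"courses:write", "bulk:operations"},
    "user_management": {"users:write", "users:read"},
    # Assumption: reading courses needs only courses:read (per the scope list).
    "course_read": {"courses:read"},
}

def audit_key(key_def, operations):
    """Return (missing, excess) scopes for a key and its intended operations.

    missing: scopes the operations need but the key lacks (expect 403s).
    excess:  scopes granted beyond the minimum (least-privilege violations).
    """
    unknown = [op for op in operations if op not in REQUIRED]
    if unknown:
        raise ValueError(f"unknown operation(s): {unknown}")
    granted = set(key_def.get("permissions", []))
    needed = set().union(*(REQUIRED[op] for op in operations))
    return sorted(needed - granted), sorted(granted - needed)

# The key definition shown above on this page.
SYNC_KEY = json.loads("""
{
  "key_name": "Course Sync Integration",
  "permissions": ["courses:read", "courses:write"],
  "description": "Integration for syncing courses from external LMS"
}
""")

# Constructed sample: the same integration with scopes it does not need.
BROAD_KEY = {
    "key_name": "Course Sync Integration (over-scoped)",
    "permissions": ["courses:read", "courses:write", "courses:delete", "users:write"],
}

if __name__ == "__main__":
    sync_ops = ["course_read", "course_creation"]
    print(audit_key(SYNC_KEY, sync_ops))
    print(audit_key(BROAD_KEY, sync_ops))
    print(audit_key(SYNC_KEY, ["bulk_operations"]))
```

A non-empty `missing` list predicts the 403 responses covered under Troubleshooting Permissions; a non-empty `excess` list marks scopes to remove from the key.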
Separate Keys for Different Operations
Use different API keys for different purposes:
- Integration Key - For automated workflows
- Admin Key - For administrative tasks
- Read-Only Key - For reporting and analytics
Audit and Monitor
Regularly review:
- API key usage patterns
- Permission changes
- Unusual access patterns
- Failed authentication attempts
Troubleshooting Permissions
403 Forbidden Errors
If you receive a 403 error:
- Verify API key has required permissions
- Check user role assignments
- Confirm account status
- Review API key expiration
Permission Denied
Common causes:
- Insufficient scope on API key
- Account restrictions
- IP whitelist restrictions
- Rate limiting (see Rate Limits)
Next Steps
- Learn about Rate Limits & Bulk Processing
- Review Field Reference
- Explore Examples