LogoLogo
  • 📣Welcome!
  • ☑️Quick Start
  • ✔️Terms, Definitions, Abbreviations & Regulations
    • Terms
    • Definitions
      • ✔️Entity
      • ✔️Entity Class
      • ✔️Memory Class
      • ✔️Authentication Key
    • Abbreviations
    • Regulations
  • 🚩Essentials
    • ✔️Entity Classes
      • ✔️Brand
      • ✔️User
        • ✔️Password
        • ✔️Username
        • ✔️Accounts
        • ✔️Referral
        • ✔️User Notification
        • ✔️Usage
      • ✔️Device
      • ✔️Plans & Pricing
        • ✔️License
          • ✔️Usage
        • ✔️Package
        • ✔️Feature
        • ✔️Configuration
        • ✔️Price
        • ✔️Coupon
      • ✔️Payment-Related
        • ✔️Payment
        • ✔️Payment History
        • ✔️Payment Method
        • ✔️Wallet
      • ✔️Point-Related
        • ✔️Point
        • ✔️Point Event
        • ✔️Point History
        • ✔️Point Reward
      • ✔️Role-Based Access Control (RBAC)
        • ✔️Role
        • ✔️Permission
      • ✔️Tracking-Related
        • ✔️Tracking event
        • ✔️Tracking activity
        • ✔️Tracking email
        • ✔️Email pattern
        • ✔️Helpdesk
      • ✔️System Configuration
        • ✔️SMTP Setting
        • ✔️Blacklist
        • ✔️Configuration
        • ✔️External authentication provider
        • ✔️Payment Provider
      • ✔️System Definition
        • ✔️Country
        • ✔️State
        • ✔️City
        • ✔️Currency
        • ✔️Language
        • ✔️Time Zone
    • ✔️Memory Classes
      • ✔️Event Class
      • ✔️Token Service Class
      • ✔️Error Manager
      • ✔️Session Manager
      • ✔️Version
      • ✔️Mail Service
      • ✔️CDN Service
    • ✅Third-party APIs
      • Webhooks
  • 🎯Guide
    • ✔️Login with Google
    • Integrate i18n
    • Integrate reCAPTCHA
  • References
    • Design Specifications
      • System Definitions
        • Country
        • State
        • City
        • Time Zone
        • Currency
        • Language
      • System Configurations
        • Configuration
        • External Login Provider
        • Payment Provider
        • BlackList
        • CDN
        • Address
      • Soft Deletion
        • Brand
          • Brand Email
          • Brand Link
          • Brand Profile
          • Brand Setting
        • User
          • User Profile
          • User Setting
        • Device
          • Device Profile
      • Role-Based Access Control
        • Role
        • Permission
      • Plans & Pricing
        • Feature
        • License
        • configuration
        • Package
        • Coupon
        • Price
      • Payment-Related
        • Payment
        • Payment Method
        • Payment History
        • Wallet
      • Point-Related
        • Point
        • Point Event
        • Point History
      • Tracking-Related
        • Tracking Activity
        • Tracking Event
        • Tracking Email
        • Tracking Email Pattern
        • Tracking Email Read
        • Helpdesk
        • Helpdesk Feedback
      • Relationships
        • Coupon - User
        • External Login Provider - User
        • Package - Feature
        • Role - Permission
    • ✔️JFW API
      • Overview
      • Authentication
      • Rate Limiting
      • Errors
      • API Reference
        • App Integrations
          • Get apps integration
          • Authentication
            • Creates an app integration authentication
            • Deletes an app integration authentication
            • Gets an app integration authentication
            • Get apps integration authentication with brand
            • Test building an authentication URL
            • Updates an app integration authentication
          • Payment Gateway
            • Create an app integration payment gateway
            • Delete an app integration payment gateway
            • Get an app integration payment gateway
            • Get apps integration payment gateway with brand
            • Test creating a checkout link
            • Update an app integration payment gateway
          • Push Notification
            • Create an app integration push notification
            • Delete an app integration push notification
            • Get an app integration push notification
            • Get an app integration push notification with brand
            • Update an app integration push notification
          • SMS
            • Create an app integration SMS
            • Delete an app integration SMS
            • Get an app integration SMS
            • Get apps integration SMS with brand
            • Test sending an SMS message
            • Update an app integration SMS
          • SMTP
            • Create an app integration SMTP
            • Delete an app integration SMTP
            • Get an app integration SMTP
            • Get apps integration SMTP with brand
            • Test sending an email message
            • Update an app integration SMTP
        • Brands
          • Check domain if exists
          • Create a brand
          • Create a link with a brand
          • Delete a link for a brand
          • Generate a new domain
          • Get a brand
          • Get a brand by url
          • Get brands
          • Get a link
          • Get links by type
          • Get links
          • Update a link
          • Update a brand
          • Get emails with a brand
          • Update a brand's profile
          • Update a brand's setting
          • Update a email
        • CDN
          • Delete a file CDN
          • Get a file CDN
          • Get files CDN
          • Upload a file CDN
        • Cities
        • Commission rate
          • Creates a commission rate
          • Deletes a commission rate
          • Gets a commission rate
          • Gets discount value
          • Get commission rates
          • Updates a commission rate
        • Configurations
          • Create a configuration
          • Delete a configuration
          • Get configurations
          • Get a configuration
          • Update a configuration
        • Constants
          • Brand Link
          • Black List
          • Coupon
          • Commission Rate
          • Device
          • Invoice
          • Issue
          • License
          • Organization
          • Payment
          • Transaction
          • Tracking Event
          • Tracking Notification
          • Feature
          • User
          • Wallet
          • Error
        • Coupons
          • Create a Coupon
          • Delete a Coupon
          • Get a Coupon
          • Get Coupons (*)
          • Update a Coupon
        • Cryptographies
          • Decrypt
          • Encrypt
        • Countries
        • Currencies
        • Devices
          • Checks user access device
          • Create a device
          • Delete a device
          • Get a device
          • Get current device of the user authorized
          • Get devices
          • Statistics
          • Update a device
        • Domains
          • Get domains
        • Events
          • Get email template default by event
          • Get an email template by event
          • Get events
          • Get events earning wallet
          • Get events that are associated with email templates
          • Get events that are associated with phone templates
          • Get phone template by event
          • Get phone template default by event
        • Exchange rates
          • Get exchange rates
          • Convert currency
        • Email Template
          • Create an email template
          • Delete an email template
          • Get an email template
          • Get email templates
          • Gets all placeholder keys available
          • Update an email template
        • Features
          • Create a feature
          • Delete a feature
          • Get a feature
          • Get features
          • Update a feature
        • Invoices
          • Delete an invoice
          • Get invoices
          • Get an invoice
          • Export an invoice
        • Issue categories
          • Create an issue category
          • Delete an issue category
          • Get issue categories
          • Get an issue category
          • Update an issue category
        • Issues
          • Create an issue
          • Create an issue reaction
          • Delete an issue
          • Delete an issue reaction
          • Get issues
          • Get an issue
          • Get issues by list id
          • Get children issues
          • Update an issue
        • Languages
        • Licenses
          • Applies a license to the logged user
          • Applies a license to the given login name
          • Applies a license to the given a user
          • Checks a license key
          • Create the licenses
          • Count licenses created
          • Delete a license
          • Get licenses
          • Get a license
          • Generate license key
          • Purchase to add licenses by checkout link
          • Purchase to add licenses by wallet
          • Statistics the percentage licenses used
        • MFA
          • Get a list of MFA
        • Organizations
          • Adds a new user to the organization
          • Adds a user for default language code organization system
          • Assign role for a user in an organization
          • Creates an organization
          • Deletes an organization
          • Get an organization
          • Get organizations
          • Get users of an organization
          • Remove a user in an organization
          • Updates an organization
          • Updates users status in an organization
        • Notifications
          • Delete a notification
          • Get notifications by the user authorized
          • Mark a notification as read
          • Push notification message for tokens
          • Push notification data message by the given device codes
          • Push notification data message by tokens
          • Push notification data message by devices
          • Updates all notification
          • Updates status notifications
          • Updates status of a notification
        • Packages
          • Add features to a package
          • Create a package
          • Delete a package
          • Get a package
          • Get packages
          • Get prices from a package
          • Update a package
          • Remove features from a package
        • Payments
          • Get a payment
          • Get payments
          • Gets the overview Sell Dashboar
        • Permissions
          • Add roles to a permission
          • Create a permission
          • Delete a permission
          • Get a permission
          • Get permissions
          • Update a permission
        • Prices
          • Create a price
          • Delete a price
          • Generate checkout link
          • Get a price
          • Get prices
          • Update a price
        • Resource types
          • Create a resource type
          • Delete a resource type
          • Get a resource type
          • Get resource types
          • Update a resource type
        • Roles
          • Assign users to a role
          • Delete a role
          • Create a role
          • Get a role
          • Get roles
          • Grants permissions to a role
          • Get permissions granted by role
          • Remove permissions from a role
          • Update a role
        • States
        • Subscription types
          • Create a subscription type
          • Delete a subscription type
          • Get a subscription type
          • Get subscription types
          • Update a subscription type
        • Time zones
        • Tracking Activities
          • Get activities (*)
          • Get a activity
        • Tracking emails
          • Get a tracking email
          • Get tracking emails
        • Users
          • Activate a user
          • Add a device to a user
          • Applies the referral code to a user
          • Assigns roles to a user
          • Authentication by Apple
          • Authentication by email OTP
          • Authentication by Google
          • Authentication by magic link
          • Authentication by SMS OTP
          • Authentication
          • Change password
          • Check referral user code
          • Configurations
          • Deactive a user
          • Delete a user
          • Email address verification
          • Forgot password
          • Get a user by username
          • Get a user
          • Get devices from a user
          • Get users
          • Gets the current user logged in
          • Gets the referees of a user
          • List all the brand partners authenticate
          • Lock a user
          • Register a new user
          • Remove a device from a user
          • Reset password
          • Revokes roles to a user
          • Statistics users
          • Suspend a user
          • Unlock a user
          • Unsuspend a user
          • Update a user
          • Update user type
          • Verify email address OTP to authentication
          • Verify SMS OTP to authentication
        • Wallets
          • Add money to a Wallet with checkout link
          • Apply redeem code
          • Create a wallet default
          • Convert wallet money
          • Close wallet
          • Get wallets
          • Get the wallet histories
      • Libraries
        • Javascript
        • Dot Net
        • Flutter
  • ☑️Change logs
  • ❔Questions & Feedback
  • References
Powered by GitBook
On this page
  • Role-Based Access Control (RBAC) in API Systems
  • What is RBAC?
  • How RBAC Works in an API System
  • Benefits of RBAC in API Systems

Was this helpful?

  1. References
  2. Design Specifications

Role-Based Access Control

Role-Based Access Control (RBAC) in API Systems

Role-Based Access Control (RBAC) is a widely used authorization mechanism that restricts system access based on the roles assigned to users. In an API system, RBAC ensures that only authorized users (or applications) can perform specific actions or access certain resources. This page explains the core concepts of RBAC, its benefits.

What is RBAC?

RBAC is a security model that organizes permissions around roles rather than individual users. Users are assigned one or more roles, and each role is granted specific permissions to perform actions or access resources. This simplifies access management and ensures a consistent and scalable approach to authorization.

Key Components of RBAC

  1. Users: Individuals or systems that interact with the API.

  2. Roles: A collection of permissions that define what actions a user can perform. Examples: Admin, Editor, Support.

  3. Permissions: Specific actions or access rights that can be assigned to roles. Examples: user.view user.delete

  4. Resources: The data or services protected by the API. Examples: user, role, event.

How RBAC Works in an API System

  1. Role Assignment: Users are assigned roles (e.g., Admin, Editor).

  2. Permission Assignment: Roles are granted permissions (e.g., Admin can user.delete).

  3. Access Control: When a user makes an API request, the system checks their role and permissions to determine if the action is allowed.

Example Workflow

  1. A user with the Editor role makes a request to DELETE /api/v1/users/{id}.

  2. The API checks if the Editor role has the user.delete permission.

  3. If the permission is granted, the request is processed. Otherwise, a 403 Forbidden error is returned.

Benefits of RBAC in API Systems

  1. Simplified Access Management:

    • Permissions are managed at the role level, not the user level.

    • Adding or removing users from roles is easier than managing individual permissions.

  2. Scalability:

    • RBAC works well for systems with many users and resources.

    • New roles and permissions can be added without disrupting existing users.

  3. Security:

    • Ensures users only have access to the resources they need (principle of least privilege).

    • Reduces the risk of unauthorized access or accidental data exposure.

  4. Auditability:

    • Roles and permissions provide a clear structure for tracking access and changes.

    • Easier to audit who has access to what.

PreviousDevice ProfileNextRole

Last updated 2 months ago

Was this helpful?