Roles & Permissions API
All endpoints require admin authentication (token_admin) and the permission indicated for each one.
Roles
Endpoints for managing roles (default permission sets). Use roles-list for read operations and roles-admon for create/update/delete.
List roles
GET /roles/listReturns a paginated, filterable list of roles.
Required permission: roles-list
| Query parameter | Type | Default | Description |
|---|---|---|---|
start | number | 0 | Offset for pagination (first row index) |
length | number | 20 | Number of rows per page |
sortBy | string | — | Field to sort by |
sortType | string | — | Sort direction: asc or desc |
report | boolean | — | If present, may change response format for reports |
localeId | any | — | Filter by locale |
security_level | number | — | Filter roles by this security level |
description | string | — | Filter roles by name/description |
admin_id | number | — | Filter roles by administrator ID |
Update a role
PATCH /roles/{id}Updates a role's description and/or security level (partial update). Only the fields sent in the body are updated.
Required permission: roles-admon
Path parameters:
| Parameter | Type | Description |
|---|---|---|
id | number | Role ID (required) |
Request body:
| Field | Type | Description |
|---|---|---|
description | string | Role name/description (optional) |
security_level | number | Security level 1, 2, or 3 (optional) |
Get role permissions
GET /roles/{id}/permissionsReturns the list of permissions assigned to a role, grouped by module (parent/child structure).
Required permission: roles-list
Path parameters:
| Parameter | Type | Description |
|---|---|---|
id | number | Role ID (required) |
Assign or remove role permissions
POST /roles/{id}/permissionsAdds or removes permissions for a role. Each item in the permissions array specifies a permission and whether to grant or revoke it.
Required permission: roles-admon
Path parameters:
| Parameter | Type | Description |
|---|---|---|
id | number | Role ID (required) |
Request body:
| Field | Type | Description |
|---|---|---|
permissions | array | List of changes (at least one item required) |
Each element of permissions:
| Field | Type | Description |
|---|---|---|
id | number | Permission ID (positive integer) |
action | number | 1 = grant, -1 = revoke |
Example:
{
"permissions": [
{ "id": 12, "action": 1 },
{ "id": 45, "action": -1 }
]
}Get users in a role
GET /roles/{id}/usersReturns the list of administrators assigned to the given role.
Required permission: roles-list
Path parameters:
| Parameter | Type | Description |
|---|---|---|
id | number | Role ID (required) |
Administrators
Endpoints for managing administrators (users who can access the admin application). Permissions used: administrators-table, administrators-add, administrators-edit, sel_admin_permissions.
List administrators
GET /administratorsV2Returns a paginated, filterable list of administrators.
Required permission: administrators-table
| Query parameter | Type | Default | Description |
|---|---|---|---|
start | number | 0 | Offset for pagination (first row index) |
length | number | 20 | Number of rows per page |
sortBy | string | — | Field to sort by |
sortType | string | — | Sort direction: ASC or DESC |
report | boolean | — | If present, may change response format for reports |
localeId | any | — | Filter by locale |
id | number | — | Filter by administrator ID |
name | string | — | Filter by name |
email | string | — | Filter by email |
department_id | number | — | Filter by department ID |
role_id | number | — | Filter by role ID |
status | number | — | Filter by status |
Create administrator
POST /administratorsV2Creates a new administrator by linking a user to the admin application with a role, department, office, and locale.
Required permission: administrators-add
Request body:
| Field | Type | Description |
|---|---|---|
user_id | number | User ID (required) |
phone | string | Phone number (can be empty string) |
department_id | number | Department ID (required) |
office_id | number | Office ID (required; can be null) |
role_id | number | Role ID (required) |
locale_id | number | Locale ID (required) |
Update administrator
PUT /administratorsV2/{id}Updates an existing administrator. All listed fields are required in the payload.
Required permission: administrators-edit
Path parameters:
| Parameter | Type | Description |
|---|---|---|
id | number | Administrator ID (required) |
Request body:
| Field | Type | Description |
|---|---|---|
name | string | Full name (required) |
email | string | Email address (required, valid email) |
password | string | Password (can be empty to leave unchanged; min 8 characters if set) |
calendly_url | string | Calendly URL (can be empty) |
phone | string | Phone number (can be empty) |
department_id | number | Department ID (required) |
office_id | number | Office ID (required; can be null) |
role_id | number | Role ID (required) |
status | boolean | Active status: 1/truthy = active, 0/falsy = inactive (required) |
status_leads | boolean | Leads status: 1/truthy or 0/falsy (required) |
Get administrator permissions
GET /administratorsV2/{id}/permissionsReturns the list of permissions assigned to the administrator, grouped by module (parent/child structure), including whether each permission is inherited from the role or set as an exception/revoked.
Required permission: sel_admin_permissions
Path parameters:
| Parameter | Type | Description |
|---|---|---|
id | number | Administrator ID (required) |
Assign or remove administrator permissions
POST /administratorsV2/{id}/permissionsAdds or removes permissions for an administrator. Each item in the permissions array specifies a permission, the action, and whether the permission is inherited from the role.
Required permission: sel_admin_permissions
Path parameters:
| Parameter | Type | Description |
|---|---|---|
id | number | Administrator ID (required) |
Request body:
| Field | Type | Description |
|---|---|---|
permissions | array | List of changes (at least one item required) |
Each element of permissions:
| Field | Type | Description |
|---|---|---|
id | number | Permission ID (positive integer) |
action | number | 1 = grant, -1 = revoke |
is_inherited | boolean | true if from the role, false if per-user override |
Example:
{
"permissions": [
{ "id": 12, "action": 1, "is_inherited": false },
{ "id": 45, "action": -1, "is_inherited": true }
]
}Reset two-factor authentication (2FA)
PATCH /administratorsV2/{id}/reset2faResets two-factor authentication for the given administrator. The administrator will need to set up 2FA again on next login if required.
Required permission: administrators-edit
Path parameters:
| Parameter | Type | Description |
|---|---|---|
id | number | Administrator ID (required) |
Permissions Summary
| Permission key | Used by | Access type |
|---|---|---|
roles-list | GET /roles/list, GET /roles/{id}/permissions, GET /roles/{id}/users | Read |
roles-admon | PATCH /roles/{id}, POST /roles/{id}/permissions | Write |
administrators-table | GET /administratorsV2 | Read |
administrators-add | POST /administratorsV2 | Write |
administrators-edit | PUT /administratorsV2/{id}, PATCH /administratorsV2/{id}/reset2fa | Write |
sel_admin_permissions | GET /administratorsV2/{id}/permissions, POST /administratorsV2/{id}/permissions | Read/Write |