> For the complete documentation index, see [llms.txt](https://help.openloyalty.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://help.openloyalty.io/api-reference/acl.md).

# ACL

These endpoints will allow you to easily manage access control list.

## Get role details

> \<label style="background-color: #D4EDBC;padding:5px;">Management\</label>\<br>\<br>\
> This method returns all Role details.<br>

````json
{"openapi":"3.0.0","info":{"title":"Open Loyalty","version":"0.0.1"},"tags":[{"name":"ACL","description":"These endpoints will allow you to easily manage access control list."}],"servers":[{"url":"http://openloyalty.localhost"}],"security":[{"Bearer":[]},{"token":[]}],"components":{"securitySchemes":{"Bearer":{"type":"apiKey","description":"Open Loyalty has the JWT authorization.\nTo learn what a JSON Web Token is and how it works, check out Introduction to JSON Web Tokens <https://jwt.io/introduction/>\n\n### Obtain an access token\n\nSend a request with the parameters username and password\n\n#### Definition\n\n`POST /api/admin/login_check` [Go to definition](#operation/adminLoginCheck)\\\n`POST /api/{storeCode}/member/login_check` [Go to definition](#operation/memberLoginCheck)\n\n#### Example\n\n```bash\ncurl {HOST}/api/admin/login_check\n    -H 'Content-Type: application/json;charset=UTF-8'\n    -H 'Accept: application/json, text/plain, */*'\n    --data-binary '{\"username\":\"admin\",\"password\":\"password\"}'\n```\n\n#### Example Response\n\n```json\n{\n    \"token\":\"eyJhbGciOiJSUzI1NiIsInR5cCI6...\",\n    \"refresh_token\":\"0558f8bb29948c4e54c443f...\"\n}\n```\n\n### Using JSON Web Token\n\nAdd authorization header to each request\\\n`Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6...`\\\nYou can now access any API method you want under the /api prefix.\n\n#### Example\n```bash\ncurl {HOST}/api/{storeCode}/analytics/members\n    -H 'Accept: application/json'\n    -H 'Content-type: application/x-www-form-urlencoded'\n    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6...'\n```\n\n### Refresh JSON Web Token\nYou can refresh token using refresh_token that was given during login.\\\nThere are two endpoints\\\nTo refresh admin token `POST /api/token/refresh` [Go to definition](#operation/tokenRefresh)\\\nTo refresh member token `POST /api/{storeCode}/token/refresh` [Go to definition](#operation/tokenRefreshMember)\n","name":"Authorization","in":"header","bearerFormat":"JWT","scheme":"bearer"},"token":{"type":"apiKey","name":"X-AUTH-TOKEN","in":"header"}},"parameters":{"role":{"name":"role","in":"path","description":"Acl role","required":true,"schema":{"type":"integer"}}},"schemas":{"Role":{"properties":{"role":{"type":"string"},"stores":{"type":"array","items":{"type":"string"}},"id":{"type":"integer"},"name":{"type":"string"},"master":{"type":"boolean"},"default":{"type":"boolean"},"permissions":{"type":"array","items":{"properties":{"id":{"type":"integer"},"resource":{"type":"string"},"access":{"type":"string"},"filterQuery":{"type":"string"},"role":{"type":"object"}},"type":"object"}}},"type":"object"},"ExpiredToken":{"required":["code","message"],"properties":{"code":{"type":"string"},"message":{"type":"string"}},"type":"object"},"InvalidToken":{"required":["code","message"],"properties":{"code":{"type":"string"},"message":{"type":"string"}},"type":"object"},"Unauthorized":{"required":["message"],"properties":{"message":{"type":"string"}},"type":"object"}},"responses":{"AccessDenied":{"description":"Forbidden.","content":{"application/json":{"schema":{"required":["code","message"],"properties":{"code":{"type":"integer"},"message":{"type":"string"}},"type":"object"}}}},"NotFound":{"description":"Not found.","content":{"application/json":{"schema":{"required":["code","message"],"properties":{"code":{"type":"integer"},"message":{"type":"string"}},"type":"object"}}}}}},"paths":{"/api/acl/role/{role}":{"get":{"tags":["ACL"],"summary":"Get role details","description":"<label style=\"background-color: #D4EDBC;padding:5px;\">Management</label><br><br>\nThis method returns all Role details.\n","operationId":"aclGetRole","parameters":[{"$ref":"#/components/parameters/role"}],"responses":{"200":{"description":"","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Role"}}}},"401":{"description":"","content":{"application/json":{"schema":{"oneOf":[{"$ref":"#/components/schemas/ExpiredToken"},{"$ref":"#/components/schemas/InvalidToken"},{"$ref":"#/components/schemas/Unauthorized"}]}}}},"403":{"$ref":"#/components/responses/AccessDenied"},"404":{"$ref":"#/components/responses/NotFound"}}}}}}
````

## Modify role

> \<label style="background-color: #D4EDBC;padding:5px;">Management\</label>\<br>\<br>\
> This method allows modifying specific Role.<br>

````json
{"openapi":"3.0.0","info":{"title":"Open Loyalty","version":"0.0.1"},"tags":[{"name":"ACL","description":"These endpoints will allow you to easily manage access control list."}],"servers":[{"url":"http://openloyalty.localhost"}],"security":[{"Bearer":[]},{"token":[]}],"components":{"securitySchemes":{"Bearer":{"type":"apiKey","description":"Open Loyalty has the JWT authorization.\nTo learn what a JSON Web Token is and how it works, check out Introduction to JSON Web Tokens <https://jwt.io/introduction/>\n\n### Obtain an access token\n\nSend a request with the parameters username and password\n\n#### Definition\n\n`POST /api/admin/login_check` [Go to definition](#operation/adminLoginCheck)\\\n`POST /api/{storeCode}/member/login_check` [Go to definition](#operation/memberLoginCheck)\n\n#### Example\n\n```bash\ncurl {HOST}/api/admin/login_check\n    -H 'Content-Type: application/json;charset=UTF-8'\n    -H 'Accept: application/json, text/plain, */*'\n    --data-binary '{\"username\":\"admin\",\"password\":\"password\"}'\n```\n\n#### Example Response\n\n```json\n{\n    \"token\":\"eyJhbGciOiJSUzI1NiIsInR5cCI6...\",\n    \"refresh_token\":\"0558f8bb29948c4e54c443f...\"\n}\n```\n\n### Using JSON Web Token\n\nAdd authorization header to each request\\\n`Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6...`\\\nYou can now access any API method you want under the /api prefix.\n\n#### Example\n```bash\ncurl {HOST}/api/{storeCode}/analytics/members\n    -H 'Accept: application/json'\n    -H 'Content-type: application/x-www-form-urlencoded'\n    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6...'\n```\n\n### Refresh JSON Web Token\nYou can refresh token using refresh_token that was given during login.\\\nThere are two endpoints\\\nTo refresh admin token `POST /api/token/refresh` [Go to definition](#operation/tokenRefresh)\\\nTo refresh member token `POST /api/{storeCode}/token/refresh` [Go to definition](#operation/tokenRefreshMember)\n","name":"Authorization","in":"header","bearerFormat":"JWT","scheme":"bearer"},"token":{"type":"apiKey","name":"X-AUTH-TOKEN","in":"header"}},"schemas":{"RoleFormType":{"required":["name"],"properties":{"name":{"type":"string"},"default":{"type":"boolean"},"permissions":{"type":"array","items":{"$ref":"#/components/schemas/PermissionFormType"}},"stores":{"type":"array","items":{"type":"string"}}},"type":"object"},"PermissionFormType":{"required":["resource","access"],"properties":{"resource":{"type":"string","enum":["LEVEL","TRANSACTION","ADMIN","ACL","ANALYTICS","CHANNEL","POINT_TRANSFER","SEGMENT","SETTINGS","TECH_SETTINGS","CUSTOMER","REWARDS","AUDIT","EVENT","EVENTS","LANGUAGE","TRANSLATIONS","STORES","CAMPAIGN","REWARDS_CATEGORIES","ISSUED_REWARDS","CUSTOM_EVENT","WALLET","WEBHOOK_SUBSCRIPTION","DATA_ANALYTICS","DATA_ANALYTICS_CAMPAIGN","IMPORT","EXPORT","GROUP_OF_VALUES","BILLABLE_REPORTS","BULK_ACTIONS","GLOBAL_MANAGEMENT","BADGE"]},"access":{"type":"string","enum":["VIEW","MODIFY"]},"filterQuery":{"type":"string"}},"type":"object"},"ExpiredToken":{"required":["code","message"],"properties":{"code":{"type":"string"},"message":{"type":"string"}},"type":"object"},"InvalidToken":{"required":["code","message"],"properties":{"code":{"type":"string"},"message":{"type":"string"}},"type":"object"},"Unauthorized":{"required":["message"],"properties":{"message":{"type":"string"}},"type":"object"}},"responses":{"NoContent":{"description":"Success. No content."},"BadRequest":{"description":"Bad request.","content":{"application/json":{"schema":{"required":["code","message","errors"],"properties":{"code":{"type":"integer"},"message":{"type":"string"},"errors":{"type":"array","items":{"required":["message","parameters","plural","code","path"],"properties":{"message":{"type":"string"},"parameters":{},"plural":{"type":"integer","nullable":true},"code":{"type":"string"},"path":{"type":"string"}},"type":"object"}}},"type":"object"}}}},"AccessDenied":{"description":"Forbidden.","content":{"application/json":{"schema":{"required":["code","message"],"properties":{"code":{"type":"integer"},"message":{"type":"string"}},"type":"object"}}}},"NotFound":{"description":"Not found.","content":{"application/json":{"schema":{"required":["code","message"],"properties":{"code":{"type":"integer"},"message":{"type":"string"}},"type":"object"}}}}}},"paths":{"/api/acl/role/{role}":{"put":{"tags":["ACL"],"summary":"Modify role","description":"<label style=\"background-color: #D4EDBC;padding:5px;\">Management</label><br><br>\nThis method allows modifying specific Role.\n","operationId":"aclPutRole","parameters":[{"name":"role","in":"path","required":true,"schema":{"type":"string","pattern":"\\d+"}}],"requestBody":{"description":"","content":{"application/json":{"schema":{"properties":{"role":{"$ref":"#/components/schemas/RoleFormType"}},"type":"object"}}}},"responses":{"204":{"$ref":"#/components/responses/NoContent"},"400":{"$ref":"#/components/responses/BadRequest"},"401":{"description":"","content":{"application/json":{"schema":{"oneOf":[{"$ref":"#/components/schemas/ExpiredToken"},{"$ref":"#/components/schemas/InvalidToken"},{"$ref":"#/components/schemas/Unauthorized"}]}}}},"403":{"$ref":"#/components/responses/AccessDenied"},"404":{"$ref":"#/components/responses/NotFound"}}}}}}
````

## Delete role

> \<label style="background-color: #D4EDBC;padding:5px;">Management\</label>\<br>\<br>\
> This method allows deleting specific Role.<br>

````json
{"openapi":"3.0.0","info":{"title":"Open Loyalty","version":"0.0.1"},"tags":[{"name":"ACL","description":"These endpoints will allow you to easily manage access control list."}],"servers":[{"url":"http://openloyalty.localhost"}],"security":[{"Bearer":[]},{"token":[]}],"components":{"securitySchemes":{"Bearer":{"type":"apiKey","description":"Open Loyalty has the JWT authorization.\nTo learn what a JSON Web Token is and how it works, check out Introduction to JSON Web Tokens <https://jwt.io/introduction/>\n\n### Obtain an access token\n\nSend a request with the parameters username and password\n\n#### Definition\n\n`POST /api/admin/login_check` [Go to definition](#operation/adminLoginCheck)\\\n`POST /api/{storeCode}/member/login_check` [Go to definition](#operation/memberLoginCheck)\n\n#### Example\n\n```bash\ncurl {HOST}/api/admin/login_check\n    -H 'Content-Type: application/json;charset=UTF-8'\n    -H 'Accept: application/json, text/plain, */*'\n    --data-binary '{\"username\":\"admin\",\"password\":\"password\"}'\n```\n\n#### Example Response\n\n```json\n{\n    \"token\":\"eyJhbGciOiJSUzI1NiIsInR5cCI6...\",\n    \"refresh_token\":\"0558f8bb29948c4e54c443f...\"\n}\n```\n\n### Using JSON Web Token\n\nAdd authorization header to each request\\\n`Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6...`\\\nYou can now access any API method you want under the /api prefix.\n\n#### Example\n```bash\ncurl {HOST}/api/{storeCode}/analytics/members\n    -H 'Accept: application/json'\n    -H 'Content-type: application/x-www-form-urlencoded'\n    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6...'\n```\n\n### Refresh JSON Web Token\nYou can refresh token using refresh_token that was given during login.\\\nThere are two endpoints\\\nTo refresh admin token `POST /api/token/refresh` [Go to definition](#operation/tokenRefresh)\\\nTo refresh member token `POST /api/{storeCode}/token/refresh` [Go to definition](#operation/tokenRefreshMember)\n","name":"Authorization","in":"header","bearerFormat":"JWT","scheme":"bearer"},"token":{"type":"apiKey","name":"X-AUTH-TOKEN","in":"header"}},"parameters":{"role":{"name":"role","in":"path","description":"Acl role","required":true,"schema":{"type":"integer"}}},"responses":{"NoContent":{"description":"Success. No content."},"AccessDenied":{"description":"Forbidden.","content":{"application/json":{"schema":{"required":["code","message"],"properties":{"code":{"type":"integer"},"message":{"type":"string"}},"type":"object"}}}},"NotFound":{"description":"Not found.","content":{"application/json":{"schema":{"required":["code","message"],"properties":{"code":{"type":"integer"},"message":{"type":"string"}},"type":"object"}}}}},"schemas":{"ExpiredToken":{"required":["code","message"],"properties":{"code":{"type":"string"},"message":{"type":"string"}},"type":"object"},"InvalidToken":{"required":["code","message"],"properties":{"code":{"type":"string"},"message":{"type":"string"}},"type":"object"},"Unauthorized":{"required":["message"],"properties":{"message":{"type":"string"}},"type":"object"}}},"paths":{"/api/acl/role/{role}":{"delete":{"tags":["ACL"],"summary":"Delete role","description":"<label style=\"background-color: #D4EDBC;padding:5px;\">Management</label><br><br>\nThis method allows deleting specific Role.\n","operationId":"aclDeleteRole","parameters":[{"$ref":"#/components/parameters/role"}],"responses":{"204":{"$ref":"#/components/responses/NoContent"},"401":{"description":"","content":{"application/json":{"schema":{"oneOf":[{"$ref":"#/components/schemas/ExpiredToken"},{"$ref":"#/components/schemas/InvalidToken"},{"$ref":"#/components/schemas/Unauthorized"}]}}}},"403":{"$ref":"#/components/responses/AccessDenied"},"404":{"$ref":"#/components/responses/NotFound"}}}}}}
````

## Get permission accesses

> \<label style="background-color: #D4EDBC;padding:5px;">Management\</label>\<br>\<br>\
> This method returns available permission accesses.  \
> \
> If sorting is not chosen, the rows will be returned in an unspecified order.  \
> To sort a result, use an \`\_orderBy\` parameter in query.<br>

````json
{"openapi":"3.0.0","info":{"title":"Open Loyalty","version":"0.0.1"},"tags":[{"name":"ACL","description":"These endpoints will allow you to easily manage access control list."}],"servers":[{"url":"http://openloyalty.localhost"}],"security":[{"Bearer":[]},{"token":[]}],"components":{"securitySchemes":{"Bearer":{"type":"apiKey","description":"Open Loyalty has the JWT authorization.\nTo learn what a JSON Web Token is and how it works, check out Introduction to JSON Web Tokens <https://jwt.io/introduction/>\n\n### Obtain an access token\n\nSend a request with the parameters username and password\n\n#### Definition\n\n`POST /api/admin/login_check` [Go to definition](#operation/adminLoginCheck)\\\n`POST /api/{storeCode}/member/login_check` [Go to definition](#operation/memberLoginCheck)\n\n#### Example\n\n```bash\ncurl {HOST}/api/admin/login_check\n    -H 'Content-Type: application/json;charset=UTF-8'\n    -H 'Accept: application/json, text/plain, */*'\n    --data-binary '{\"username\":\"admin\",\"password\":\"password\"}'\n```\n\n#### Example Response\n\n```json\n{\n    \"token\":\"eyJhbGciOiJSUzI1NiIsInR5cCI6...\",\n    \"refresh_token\":\"0558f8bb29948c4e54c443f...\"\n}\n```\n\n### Using JSON Web Token\n\nAdd authorization header to each request\\\n`Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6...`\\\nYou can now access any API method you want under the /api prefix.\n\n#### Example\n```bash\ncurl {HOST}/api/{storeCode}/analytics/members\n    -H 'Accept: application/json'\n    -H 'Content-type: application/x-www-form-urlencoded'\n    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6...'\n```\n\n### Refresh JSON Web Token\nYou can refresh token using refresh_token that was given during login.\\\nThere are two endpoints\\\nTo refresh admin token `POST /api/token/refresh` [Go to definition](#operation/tokenRefresh)\\\nTo refresh member token `POST /api/{storeCode}/token/refresh` [Go to definition](#operation/tokenRefreshMember)\n","name":"Authorization","in":"header","bearerFormat":"JWT","scheme":"bearer"},"token":{"type":"apiKey","name":"X-AUTH-TOKEN","in":"header"}},"schemas":{"AclAvailableObject":{"properties":{"code":{"type":"string"},"name":{"type":"string"}},"type":"object"},"ExpiredToken":{"required":["code","message"],"properties":{"code":{"type":"string"},"message":{"type":"string"}},"type":"object"},"InvalidToken":{"required":["code","message"],"properties":{"code":{"type":"string"},"message":{"type":"string"}},"type":"object"},"Unauthorized":{"required":["message"],"properties":{"message":{"type":"string"}},"type":"object"}},"responses":{"AccessDenied":{"description":"Forbidden.","content":{"application/json":{"schema":{"required":["code","message"],"properties":{"code":{"type":"integer"},"message":{"type":"string"}},"type":"object"}}}}}},"paths":{"/api/acl/accesses":{"get":{"tags":["ACL"],"summary":"Get permission accesses","description":"<label style=\"background-color: #D4EDBC;padding:5px;\">Management</label><br><br>\nThis method returns available permission accesses.  \n\nIf sorting is not chosen, the rows will be returned in an unspecified order.  \nTo sort a result, use an `_orderBy` parameter in query.\n","operationId":"aclGetAccesses","responses":{"200":{"description":"","content":{"application/json":{"schema":{"properties":{"items":{"type":"array","items":{"$ref":"#/components/schemas/AclAvailableObject"}},"total":{"properties":{"all":{}},"type":"object"}},"type":"object"}}}},"401":{"description":"","content":{"application/json":{"schema":{"oneOf":[{"$ref":"#/components/schemas/ExpiredToken"},{"$ref":"#/components/schemas/InvalidToken"},{"$ref":"#/components/schemas/Unauthorized"}]}}}},"403":{"$ref":"#/components/responses/AccessDenied"}}}}}}
````

## Get roles list

> \<label style="background-color: #D4EDBC;padding:5px;">Management\</label>\<br>\<br>\
> This method returns a list of all Roles that have been created in the system.  \
> \
> If sorting is not chosen, the rows will be returned in an unspecified order.  \
> To sort a result, use an \`\_orderBy\` parameter in query.<br>

````json
{"openapi":"3.0.0","info":{"title":"Open Loyalty","version":"0.0.1"},"tags":[{"name":"ACL","description":"These endpoints will allow you to easily manage access control list."}],"servers":[{"url":"http://openloyalty.localhost"}],"security":[{"Bearer":[]},{"token":[]}],"components":{"securitySchemes":{"Bearer":{"type":"apiKey","description":"Open Loyalty has the JWT authorization.\nTo learn what a JSON Web Token is and how it works, check out Introduction to JSON Web Tokens <https://jwt.io/introduction/>\n\n### Obtain an access token\n\nSend a request with the parameters username and password\n\n#### Definition\n\n`POST /api/admin/login_check` [Go to definition](#operation/adminLoginCheck)\\\n`POST /api/{storeCode}/member/login_check` [Go to definition](#operation/memberLoginCheck)\n\n#### Example\n\n```bash\ncurl {HOST}/api/admin/login_check\n    -H 'Content-Type: application/json;charset=UTF-8'\n    -H 'Accept: application/json, text/plain, */*'\n    --data-binary '{\"username\":\"admin\",\"password\":\"password\"}'\n```\n\n#### Example Response\n\n```json\n{\n    \"token\":\"eyJhbGciOiJSUzI1NiIsInR5cCI6...\",\n    \"refresh_token\":\"0558f8bb29948c4e54c443f...\"\n}\n```\n\n### Using JSON Web Token\n\nAdd authorization header to each request\\\n`Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6...`\\\nYou can now access any API method you want under the /api prefix.\n\n#### Example\n```bash\ncurl {HOST}/api/{storeCode}/analytics/members\n    -H 'Accept: application/json'\n    -H 'Content-type: application/x-www-form-urlencoded'\n    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6...'\n```\n\n### Refresh JSON Web Token\nYou can refresh token using refresh_token that was given during login.\\\nThere are two endpoints\\\nTo refresh admin token `POST /api/token/refresh` [Go to definition](#operation/tokenRefresh)\\\nTo refresh member token `POST /api/{storeCode}/token/refresh` [Go to definition](#operation/tokenRefreshMember)\n","name":"Authorization","in":"header","bearerFormat":"JWT","scheme":"bearer"},"token":{"type":"apiKey","name":"X-AUTH-TOKEN","in":"header"}},"parameters":{"page":{"name":"_page","in":"query","description":"Number of page with results, starts from 1","required":false,"schema":{"type":"integer","default":1,"minimum":1}},"itemsOnPage":{"name":"_itemsOnPage","in":"query","description":"Items on one page","required":false,"schema":{"type":"integer","default":10,"maximum":50,"minimum":1}},"orderBy":{"name":"_orderBy","in":"query","description":"Sorting order. If sorting is not chosen, the rows will be returned in an unspecified order. Sort order: * `asc` - Ascending, from A to Z * `desc` - Descending, from Z to A","required":false,"style":"deepObject","explode":true,"schema":{"type":"object","additionalProperties":{"type":"string","enum":["asc","desc"]}}}},"schemas":{"Role":{"properties":{"role":{"type":"string"},"stores":{"type":"array","items":{"type":"string"}},"id":{"type":"integer"},"name":{"type":"string"},"master":{"type":"boolean"},"default":{"type":"boolean"},"permissions":{"type":"array","items":{"properties":{"id":{"type":"integer"},"resource":{"type":"string"},"access":{"type":"string"},"filterQuery":{"type":"string"},"role":{"type":"object"}},"type":"object"}}},"type":"object"},"SearchableTotalResponse2":{"properties":{"all":{"type":"integer","deprecated":true},"filtered":{"type":"integer","deprecated":true},"estimated":{"description":"Field estimated is used to show that the results are estimated. It might happen when there are more than 5000 results due to performance optimization.","type":"boolean","deprecated":true}},"type":"object","deprecated":true},"ExpiredToken":{"required":["code","message"],"properties":{"code":{"type":"string"},"message":{"type":"string"}},"type":"object"},"InvalidToken":{"required":["code","message"],"properties":{"code":{"type":"string"},"message":{"type":"string"}},"type":"object"},"Unauthorized":{"required":["message"],"properties":{"message":{"type":"string"}},"type":"object"}},"responses":{"NoContent":{"description":"Success. No content."},"BadRequest":{"description":"Bad request.","content":{"application/json":{"schema":{"required":["code","message","errors"],"properties":{"code":{"type":"integer"},"message":{"type":"string"},"errors":{"type":"array","items":{"required":["message","parameters","plural","code","path"],"properties":{"message":{"type":"string"},"parameters":{},"plural":{"type":"integer","nullable":true},"code":{"type":"string"},"path":{"type":"string"}},"type":"object"}}},"type":"object"}}}},"AccessDenied":{"description":"Forbidden.","content":{"application/json":{"schema":{"required":["code","message"],"properties":{"code":{"type":"integer"},"message":{"type":"string"}},"type":"object"}}}}}},"paths":{"/api/acl/role":{"get":{"tags":["ACL"],"summary":"Get roles list","description":"<label style=\"background-color: #D4EDBC;padding:5px;\">Management</label><br><br>\nThis method returns a list of all Roles that have been created in the system.  \n\nIf sorting is not chosen, the rows will be returned in an unspecified order.  \nTo sort a result, use an `_orderBy` parameter in query.\n","operationId":"aclGetList","parameters":[{"name":"id","in":"query","required":false,"schema":{"type":"string"}},{"name":"role","in":"query","required":false,"schema":{"type":"string"}},{"name":"name","in":"query","required":false,"schema":{"type":"string"}},{"name":"master","in":"query","required":false,"schema":{"type":"boolean"}},{"name":"default","in":"query","required":false,"schema":{"type":"boolean"}},{"$ref":"#/components/parameters/page"},{"$ref":"#/components/parameters/itemsOnPage"},{"$ref":"#/components/parameters/orderBy"}],"responses":{"200":{"description":"","content":{"application/json":{"schema":{"properties":{"items":{"type":"array","items":{"$ref":"#/components/schemas/Role"}},"total":{"$ref":"#/components/schemas/SearchableTotalResponse2"}},"type":"object"}}}},"201":{"$ref":"#/components/responses/NoContent"},"400":{"$ref":"#/components/responses/BadRequest"},"401":{"description":"","content":{"application/json":{"schema":{"oneOf":[{"$ref":"#/components/schemas/ExpiredToken"},{"$ref":"#/components/schemas/InvalidToken"},{"$ref":"#/components/schemas/Unauthorized"}]}}}},"403":{"$ref":"#/components/responses/AccessDenied"}}}}}}
````

## Add a new role

> \<label style="background-color: #D4EDBC;padding:5px;">Management\</label>\<br>\<br>\
> This method allows creating a new Role in the system.<br>

````json
{"openapi":"3.0.0","info":{"title":"Open Loyalty","version":"0.0.1"},"tags":[{"name":"ACL","description":"These endpoints will allow you to easily manage access control list."}],"servers":[{"url":"http://openloyalty.localhost"}],"security":[{"Bearer":[]},{"token":[]}],"components":{"securitySchemes":{"Bearer":{"type":"apiKey","description":"Open Loyalty has the JWT authorization.\nTo learn what a JSON Web Token is and how it works, check out Introduction to JSON Web Tokens <https://jwt.io/introduction/>\n\n### Obtain an access token\n\nSend a request with the parameters username and password\n\n#### Definition\n\n`POST /api/admin/login_check` [Go to definition](#operation/adminLoginCheck)\\\n`POST /api/{storeCode}/member/login_check` [Go to definition](#operation/memberLoginCheck)\n\n#### Example\n\n```bash\ncurl {HOST}/api/admin/login_check\n    -H 'Content-Type: application/json;charset=UTF-8'\n    -H 'Accept: application/json, text/plain, */*'\n    --data-binary '{\"username\":\"admin\",\"password\":\"password\"}'\n```\n\n#### Example Response\n\n```json\n{\n    \"token\":\"eyJhbGciOiJSUzI1NiIsInR5cCI6...\",\n    \"refresh_token\":\"0558f8bb29948c4e54c443f...\"\n}\n```\n\n### Using JSON Web Token\n\nAdd authorization header to each request\\\n`Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6...`\\\nYou can now access any API method you want under the /api prefix.\n\n#### Example\n```bash\ncurl {HOST}/api/{storeCode}/analytics/members\n    -H 'Accept: application/json'\n    -H 'Content-type: application/x-www-form-urlencoded'\n    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6...'\n```\n\n### Refresh JSON Web Token\nYou can refresh token using refresh_token that was given during login.\\\nThere are two endpoints\\\nTo refresh admin token `POST /api/token/refresh` [Go to definition](#operation/tokenRefresh)\\\nTo refresh member token `POST /api/{storeCode}/token/refresh` [Go to definition](#operation/tokenRefreshMember)\n","name":"Authorization","in":"header","bearerFormat":"JWT","scheme":"bearer"},"token":{"type":"apiKey","name":"X-AUTH-TOKEN","in":"header"}},"schemas":{"RoleFormType":{"required":["name"],"properties":{"name":{"type":"string"},"default":{"type":"boolean"},"permissions":{"type":"array","items":{"$ref":"#/components/schemas/PermissionFormType"}},"stores":{"type":"array","items":{"type":"string"}}},"type":"object"},"PermissionFormType":{"required":["resource","access"],"properties":{"resource":{"type":"string","enum":["LEVEL","TRANSACTION","ADMIN","ACL","ANALYTICS","CHANNEL","POINT_TRANSFER","SEGMENT","SETTINGS","TECH_SETTINGS","CUSTOMER","REWARDS","AUDIT","EVENT","EVENTS","LANGUAGE","TRANSLATIONS","STORES","CAMPAIGN","REWARDS_CATEGORIES","ISSUED_REWARDS","CUSTOM_EVENT","WALLET","WEBHOOK_SUBSCRIPTION","DATA_ANALYTICS","DATA_ANALYTICS_CAMPAIGN","IMPORT","EXPORT","GROUP_OF_VALUES","BILLABLE_REPORTS","BULK_ACTIONS","GLOBAL_MANAGEMENT","BADGE"]},"access":{"type":"string","enum":["VIEW","MODIFY"]},"filterQuery":{"type":"string"}},"type":"object"},"ExpiredToken":{"required":["code","message"],"properties":{"code":{"type":"string"},"message":{"type":"string"}},"type":"object"},"InvalidToken":{"required":["code","message"],"properties":{"code":{"type":"string"},"message":{"type":"string"}},"type":"object"},"Unauthorized":{"required":["message"],"properties":{"message":{"type":"string"}},"type":"object"}},"responses":{"NoContent":{"description":"Success. No content."},"BadRequest":{"description":"Bad request.","content":{"application/json":{"schema":{"required":["code","message","errors"],"properties":{"code":{"type":"integer"},"message":{"type":"string"},"errors":{"type":"array","items":{"required":["message","parameters","plural","code","path"],"properties":{"message":{"type":"string"},"parameters":{},"plural":{"type":"integer","nullable":true},"code":{"type":"string"},"path":{"type":"string"}},"type":"object"}}},"type":"object"}}}},"AccessDenied":{"description":"Forbidden.","content":{"application/json":{"schema":{"required":["code","message"],"properties":{"code":{"type":"integer"},"message":{"type":"string"}},"type":"object"}}}}}},"paths":{"/api/acl/role":{"post":{"tags":["ACL"],"summary":"Add a new role","description":"<label style=\"background-color: #D4EDBC;padding:5px;\">Management</label><br><br>\nThis method allows creating a new Role in the system.\n","operationId":"aclPostRole","requestBody":{"description":"","content":{"application/json":{"schema":{"properties":{"role":{"$ref":"#/components/schemas/RoleFormType"}},"type":"object"}}}},"responses":{"201":{"$ref":"#/components/responses/NoContent"},"204":{"$ref":"#/components/responses/NoContent"},"400":{"$ref":"#/components/responses/BadRequest"},"401":{"description":"","content":{"application/json":{"schema":{"oneOf":[{"$ref":"#/components/schemas/ExpiredToken"},{"$ref":"#/components/schemas/InvalidToken"},{"$ref":"#/components/schemas/Unauthorized"}]}}}},"403":{"$ref":"#/components/responses/AccessDenied"}}}}}}
````

## Get resources list

> \<label style="background-color: #D4EDBC;padding:5px;">Management\</label>\<br>\<br>\
> This method returns all available permission resources in the system that you can dedicate to a specific Role.  \
> \
> If sorting is not chosen, the rows will be returned in an unspecified order.  \
> To sort a result, use an \`\_orderBy\` parameter in query.<br>

````json
{"openapi":"3.0.0","info":{"title":"Open Loyalty","version":"0.0.1"},"tags":[{"name":"ACL","description":"These endpoints will allow you to easily manage access control list."}],"servers":[{"url":"http://openloyalty.localhost"}],"security":[{"Bearer":[]},{"token":[]}],"components":{"securitySchemes":{"Bearer":{"type":"apiKey","description":"Open Loyalty has the JWT authorization.\nTo learn what a JSON Web Token is and how it works, check out Introduction to JSON Web Tokens <https://jwt.io/introduction/>\n\n### Obtain an access token\n\nSend a request with the parameters username and password\n\n#### Definition\n\n`POST /api/admin/login_check` [Go to definition](#operation/adminLoginCheck)\\\n`POST /api/{storeCode}/member/login_check` [Go to definition](#operation/memberLoginCheck)\n\n#### Example\n\n```bash\ncurl {HOST}/api/admin/login_check\n    -H 'Content-Type: application/json;charset=UTF-8'\n    -H 'Accept: application/json, text/plain, */*'\n    --data-binary '{\"username\":\"admin\",\"password\":\"password\"}'\n```\n\n#### Example Response\n\n```json\n{\n    \"token\":\"eyJhbGciOiJSUzI1NiIsInR5cCI6...\",\n    \"refresh_token\":\"0558f8bb29948c4e54c443f...\"\n}\n```\n\n### Using JSON Web Token\n\nAdd authorization header to each request\\\n`Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6...`\\\nYou can now access any API method you want under the /api prefix.\n\n#### Example\n```bash\ncurl {HOST}/api/{storeCode}/analytics/members\n    -H 'Accept: application/json'\n    -H 'Content-type: application/x-www-form-urlencoded'\n    -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6...'\n```\n\n### Refresh JSON Web Token\nYou can refresh token using refresh_token that was given during login.\\\nThere are two endpoints\\\nTo refresh admin token `POST /api/token/refresh` [Go to definition](#operation/tokenRefresh)\\\nTo refresh member token `POST /api/{storeCode}/token/refresh` [Go to definition](#operation/tokenRefreshMember)\n","name":"Authorization","in":"header","bearerFormat":"JWT","scheme":"bearer"},"token":{"type":"apiKey","name":"X-AUTH-TOKEN","in":"header"}},"schemas":{"AclAvailableObject":{"properties":{"code":{"type":"string"},"name":{"type":"string"}},"type":"object"},"ExpiredToken":{"required":["code","message"],"properties":{"code":{"type":"string"},"message":{"type":"string"}},"type":"object"},"InvalidToken":{"required":["code","message"],"properties":{"code":{"type":"string"},"message":{"type":"string"}},"type":"object"},"Unauthorized":{"required":["message"],"properties":{"message":{"type":"string"}},"type":"object"}},"responses":{"AccessDenied":{"description":"Forbidden.","content":{"application/json":{"schema":{"required":["code","message"],"properties":{"code":{"type":"integer"},"message":{"type":"string"}},"type":"object"}}}}}},"paths":{"/api/acl/resources":{"get":{"tags":["ACL"],"summary":"Get resources list","description":"<label style=\"background-color: #D4EDBC;padding:5px;\">Management</label><br><br>\nThis method returns all available permission resources in the system that you can dedicate to a specific Role.  \n\nIf sorting is not chosen, the rows will be returned in an unspecified order.  \nTo sort a result, use an `_orderBy` parameter in query.\n","operationId":"aclGetResources","responses":{"200":{"description":"","content":{"application/json":{"schema":{"properties":{"items":{"type":"array","items":{"$ref":"#/components/schemas/AclAvailableObject"}},"total":{"properties":{"all":{}},"type":"object"}},"type":"object"}}}},"401":{"description":"","content":{"application/json":{"schema":{"oneOf":[{"$ref":"#/components/schemas/ExpiredToken"},{"$ref":"#/components/schemas/InvalidToken"},{"$ref":"#/components/schemas/Unauthorized"}]}}}},"403":{"$ref":"#/components/responses/AccessDenied"}}}}}}
````


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.openloyalty.io/api-reference/acl.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.