Trongate Docs

Role Based Authorization

Role Based Authorization allows access based upon a user's role. An example of a role is 'admin'. You, as the developer, can define as many roles as you like for your web apps. With Role Based Authorization, you can protect your endpoints by making them accessible only to users whose role has been granted permission.

Did You Know?
The 'role' is actually the 'level_title' value, taken from the 'trongate_user_levels' database table.  Read How Trongate's Token System Works for more information.

The syntax for role based authorization is:

"authorization": {
    "roles": []
}

As you can see from the square brackets, the 'roles' property expects an array. The goal is to pass in an array of the user roles that are allowed access to the endpoint.

Below is an example of a 'Get' endpoint where access has been granted to 'admin' users as well as users who have a user level of 'accounts'.

"Get": {
    "url_segments": "api/get/members",
    "request_type": "GET",
    "description": "Fetch rows from table",
    "enableParams": true,
    "authorization": {
        "roles": [
            "admin",
            "accounts"
        ]
    }
}
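
A check you can run over endpoint definitions like the one above, as an added example that is not part of the Trongate docs or code base: it flags 'roles' rules that are not arrays, are empty, or name a role that matches no user level exactly. The sample definitions, the function name and the level titles are constructed; in a real project the titles would come from the 'level_title' column of 'trongate_user_levels'.

```python
import json

# Constructed sample: endpoint definitions in the format shown on this page.
SAMPLE_ENDPOINTS = """
{
    "Get": {"url_segments": "api/get/members",
            "authorization": {"roles": ["admin", "accounts"]}},
    "Create": {"url_segments": "api/create/members",
               "authorization": {"roles": ["Admin", "acounts"]}},
    "Destroy": {"url_segments": "api/destroy/members",
                "authorization": {"roles": "admin"}},
    "Count": {"url_segments": "api/count/members",
              "authorization": {"roles": []}}
}
"""

# Assumed contents of the level_title column in trongate_user_levels.
KNOWN_LEVEL_TITLES = {"admin", "accounts", "member"}


def audit_roles(endpoints_json, level_titles):
    """Return (endpoint, problem) pairs for suspect 'roles' rules."""
    findings = []
    lowered = {t.lower(): t for t in level_titles}
    for name, endpoint in json.loads(endpoints_json).items():
        auth = endpoint.get("authorization")
        if not isinstance(auth, dict) or "roles" not in auth:
            continue  # other authorization forms are outside this check
        roles = auth["roles"]
        if not isinstance(roles, list):
            findings.append((name, "'roles' is not an array"))
            continue
        if not roles:
            findings.append((name, "'roles' array is empty"))
        for role in roles:
            if isinstance(role, str) and role in level_titles:
                continue
            near = lowered.get(str(role).lower())
            hint = f" (case differs from '{near}')" if near else ""
            findings.append((name, f"unknown role {role!r}{hint}"))
    return findings


if __name__ == "__main__":
    for name, problem in audit_roles(SAMPLE_ENDPOINTS, KNOWN_LEVEL_TITLES):
        print(f"{name}: {problem}")
```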


If you have a question or a comment relating to anything you've seen here, please go to the Help Bar.