Skip to main content
GET
/
v1
/
b2b
/
rbac
/
policy
C#
// GET /v1/b2b/rbac/policy
const stytch = require('stytch');

const client = new stytch.B2BClient({
  project_id: '${projectId}',
  secret: '${secret}',
});

const params = {
};

client.RBAC.Policy(params)
  .then(resp => { console.log(resp) })
  .catch(err => { console.log(err) });
{
  "request_id": "<string>",
  "status_code": 123,
  "policy": {
    "roles": [
      {
        "role_id": "<string>",
        "description": "<string>",
        "permissions": [
          {
            "resource_id": "<string>",
            "actions": [
              "<string>"
            ]
          }
        ]
      }
    ],
    "resources": [
      {
        "resource_id": "<string>",
        "description": "<string>",
        "actions": [
          "<string>"
        ]
      }
    ],
    "scopes": [
      {
        "scope": "<string>",
        "description": "<string>",
        "permissions": [
          {
            "resource_id": "<string>",
            "actions": [
              "<string>"
            ]
          }
        ]
      }
    ]
  }
}

Documentation Index

Fetch the complete documentation index at: https://stytch.com/docs/llms.txt

Use this file to discover all available pages before exploring further.

An RBAC Policy is the canonical document that stores all defined Resources, Roles, and Scopes. This represents your RBAC permissioning model. When using the backend SDKs, the RBAC Policy will be cached to allow for local evaluations, eliminating the need for an extra request to Stytch. The policy will be refreshed if an authorization check is requested and the RBAC policy was last updated more than 5 minutes ago. Resources, Roles, and Scopes can be created and managed in the Stytch Dashboard. Learn more about checking and enforcing permissions in the RBAC guide.

Authorizations

Authorization
string
header
required

Basic authentication header of the form Basic <encoded-value>, where <encoded-value> is the base64-encoded string username:password.

Response

Successful response

request_id
string
required

Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.

status_code
integer<int32>
required

The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.

policy
object

The RBAC Policy document that contains all defined Roles and Resources – which are managed in the Dashboard. Read more about these entities and how they work in our RBAC overview.