Skip to main content

Get current token permissions

This example demonstrates how to retrieve the list of permissions (scopes) associated with the currently authenticated token in ONLYOFFICE DocSpace. It helps verify which actions the token can perform (e.g., file access, room management, user operations).

Before you start

  1. Replace https://yourportal.onlyoffice.com and YOUR_API_KEY with your actual DocSpace portal URL and API key. Ensure you have the necessary data and permissions to perform migration operations.
  2. Before you can make requests to the API, you need to authenticate. Check out the Personal access tokens page to learn how to obtain and use access tokens.
Full example
// Set your DocSpace portal URL and access token
const API_HOST = 'https://yourportal.onlyoffice.com';
const API_KEY = 'your_api_key';

// Headers with authorization token
const HEADERS = {
  Authorization: API_KEY,
};

// Step 1: Retrieve the current token's permissions
function getTokenPermissions() {
  const url = `${API_HOST}/api/2.0/keys/permissions`;

  return fetch(url, { method: 'GET', headers: HEADERS })
    .then((res) => {
      if (res.status === 200) return res.json();
      return res.text().then((t) => {
        console.log(`Key permissions retrieval failed. Status code: ${res.status}, Message: ${t}`);
        return null;
      });
    })
    .then((data) => {
      const permissions = data?.response || [];
      console.log('Current Token Permissions:');
      permissions.forEach((perm) => console.log(`${perm}`));
      return permissions;
    })
    .catch((err) => {
      console.log(`Key permissions retrieval error: ${err.message}`);
      return null;
    });
}

// Run the method
getTokenPermissions();

How it works

A GET request is sent to /api/2.0/keys/permissions to fetch the list of scopes granted to the current token.

No request body or parameters are required. The response includes permissions such as:

  • files:read
  • files:write
  • rooms:read
  • accounts:read