API Endpoint and Method Access
Endpoint Access Permissions
API access is controlled at the endpoint + HTTP method level.
How it Works
Access is managed using an allow list. Each API client is explicitly granted permission to call specific combinations of:
- Endpoint (e.g.
/companies/) - HTTP method (e.g.
GET,POST, etc.)
If a request is made to an endpoint/method combination that is not on your allow list, the API will return a 403 Forbidden response.
Examples
Permissions are evaluated per endpoint + method combination, not per endpoint broadly. For example, you may have access to make a GET request to a specific endpoint without having access to make a POST request:
| Endpoint | Method | Access |
|---|---|---|
/companies/{company_id}/participants/ | GET | ✅ Allowed |
/companies/{company_id}/participants/ | POST | ❌ Not allowed |
Requesting Access
To request access to additional endpoints or methods, submit a request here: https://forms.gle/KQm63UQyytqTdVDe8
Updated about 16 hours ago