# /sys/capabilities The `/sys/capabilities` endpoint is used to fetch the capabilities of a token on the given paths. The capabilities returned will be derived from the policies that are on the token, and from the policies to which the token is entitled to through the entity and entity's group memberships. ### Query token capabilities This endpoint returns the list of capabilities of a given token on the given paths. Multiple paths are taken in at once and the capabilities of the token for each path is returned. For backwards compatibility, if a single path is supplied, a `capabilities` field will also be returned. | Method | Path | | ------ | ------------------- | | `POST` | `/sys/capabilities` | #### Parameters * `paths` `(list: )` – Paths on which capabilities are being queried. * `token` `(string: )` – Token for which capabilities are being queried. #### Sample payload ```json { "token": "abcd1234", "paths": ["secret/foo"] } ``` #### Sample request ```shell-session $ curl \ --header "X-Vault-Token: ..." \ --request POST \ --data @payload.json \ http://127.0.0.1:8200/v1/sys/capabilities ``` #### Sample response ```json { "capabilities": ["delete", "list", "read", "update"], "secret/foo": ["delete", "list", "read", "update"] } ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.enclaive.cloud/vault/api/system-backend/sys-capabilities.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.