/sys/capabilities-self

The /sys/capabilities-self endpoint is used to fetch the capabilities of the token used to make the API call, on the given paths. The capabilities returned will be derived from the policies that are on the token, and from the policies to which the token is entitled to through the entity and entity's group memberships.

Query self capabilities

This endpoint returns the capabilities of client token on the given paths. The client token is the Vault token with which this API call is made. Multiple paths are taken in at once and the capabilities of the token for each path is returned. For backwards compatibility, if a single path is supplied, a capabilities field will also be returned.

Method

Path

POST

/sys/capabilities-self

Parameters

paths (list: <required>) – Paths on which capabilities are being queried.

Sample payload

{
  "paths": ["secret/foo"]
}

Sample request

$ curl \
    --header "X-Vault-Token: ..." \
    --request POST \
    --data @payload.json \
    http://127.0.0.1:8200/v1/sys/capabilities-self

Sample response

{
  "capabilities": ["delete", "list", "read", "update"],
  "secret/foo": ["delete", "list", "read", "update"]
}

Previous/sys/capabilities-accessor Next/sys/config/auditing/request-headers

Last updated 2 years ago

hashtagQuery self capabilities

hashtagParameters

hashtagSample payload

hashtagSample request

hashtagSample response

Query self capabilities

Parameters

Sample payload

Sample request

Sample response