help

Permissions API

Outdated Content Warning: This content refers to an older version of OpenSpending. See here for information about the next version of OpenSpending and ways to contribute.

OpenSpending allows users to check for their permissions on a given dataset via an API call. The response will provide the authenticated user’s permission on as true or false values for CRUD (create, read, update, and delete). This API call mainly exists to allow software that uses the API (e.g. the loading API) to save bandwidth with big dataset updates.

For example if you as a developer are building a loading script that users of OpenSpending can use to download data from a location and update datasets in OpenSpending you might first run a check for permissions based on their API key before starting to download the updates (so you can skip it if they’re not authorized.

The permission API works as follows. Make a GET request (wih user authenticated with the API key) to:

/api/2/permissions?dataset=[dataset_name]

The response will be single json object with four properties, create, read, update, and delete. The value of each property is a boolean (true or false) that indicates if the authenticated user has that permission for the provided dataset:

{
    "create": false,
    "read": true,
    "update": false,
    "delete": false
}