POST
/
v2
/
permissions.createPermission
Go (SDK)
package main

import(
	"context"
	"os"
	unkey "github.com/unkeyed/sdks/api/go/v2"
	"github.com/unkeyed/sdks/api/go/v2/models/components"
	"log"
)

func main() {
    ctx := context.Background()

    s := unkey.New(
        unkey.WithSecurity(os.Getenv("UNKEY_ROOT_KEY")),
    )

    res, err := s.Permissions.CreatePermission(ctx, components.V2PermissionsCreatePermissionRequestBody{
        Name: "users.read",
        Slug: "users-read",
        Description: unkey.String("Grants read-only access to user profile information, account settings, and subscription status."),
    })
    if err != nil {
        log.Fatal(err)
    }
    if res.V2PermissionsCreatePermissionResponseBody != nil {
        // handle response
    }
}
{
  "meta": {
    "requestId": "req_123"
  },
  "data": {
    "permissionId": "perm_1234567890abcdef"
  }
}

Authorizations

Authorization
string
header
required

Unkey uses API keys (root keys) for authentication. These keys authorize access to management operations in the API. To authenticate, include your root key in the Authorization header of each request:

Authorization: Bearer unkey_123

Root keys have specific permissions attached to them, controlling what operations they can perform. Key permissions follow a hierarchical structure with patterns like resource.resource_id.action (e.g., apis.*.create_key, apis.*.read_api). Security best practices:

  • Keep root keys secure and never expose them in client-side code
  • Use different root keys for different environments
  • Rotate keys periodically, especially after team member departures
  • Create keys with minimal necessary permissions following least privilege principle
  • Monitor key usage with audit logs.

Body

application/json
name
string
required

Creates a permission with this human-readable name that describes its purpose. Names must be unique within your workspace to prevent conflicts during assignment. Use clear, semantic names that developers can easily understand when building authorization logic. Consider using hierarchical naming conventions like 'resource.action' for better organization.

Examples: 'users.read', 'billing.write', 'analytics.view', 'admin.manage'

Required string length: 1 - 512
Example:

"users.read"

slug
string
required

Creates a URL-safe identifier for this permission that can be used in APIs and integrations. Must start with a letter and contain only letters, numbers, periods, underscores, and hyphens. Slugs are often used in REST endpoints, configuration files, and external integrations. Should closely match the name but in a format suitable for technical usage. Must be unique within your workspace to ensure reliable permission lookups.

Keep slugs concise but descriptive for better developer experience.

Required string length: 1 - 128
Example:

"users-read"

description
string

Provides detailed documentation of what this permission grants access to. Include information about affected resources, allowed actions, and any important limitations. This internal documentation helps team members understand permission scope and security implications. Not visible to end users - designed for development teams and security audits.

Consider documenting:

  • What resources can be accessed
  • What operations are permitted
  • Any conditions or limitations
  • Related permissions that might be needed
Maximum length: 128
Example:

"Grants read-only access to user profile information, account settings, and subscription status."

Response

Permission created successfully

meta
object
required

Metadata object included in every API response. This provides context about the request and is essential for debugging, audit trails, and support inquiries. The requestId is particularly important when troubleshooting issues with the Unkey support team.

data
object
required