Access Control

Channel Access Control

Assign operator role

POST /channels/(string: uuid)/operators/(number: userId)

Make the specified user an operator. The user can be any Horn user, but they can only be added by the owner or another operator.

Parameters:
  • uuid (string) – The channel to which the user should be added as an operator

  • userId (number) – The user that should be upgraded to an operator

Assign owner role

POST /channels/(string: uuid)/owners/(number: userId)

Make the specified user an owner.

Parameters:
  • uuid (string) – The channel to which the user should be added as an owner

  • userId (number) – The user that should be upgraded to an owner

Demote from owner to operator

POST /channels/(string: uuid)/owners/(number: userId)/demote

Remove a user’s owner role and immediately add the operator role.

Parameters:
  • uuid (string) – The channel in whose context the user is demoted

  • userId (number) – The user that should be demoted from owner to operator

Get guest access state

GET /channels/(string: uuid)/settings/guests

Returns whether the channel allows guest user access. This is a public call and does not require authentication.

Parameters:
  • uuid (string) – The channel ID

Response JSON Object:
  • allowed (boolean) – True if guest access is available

List channel operators

GET /channels/(string: uuid)/operators

Return a list of the operators for the specified channel. This function is available to channel operators.

Parameters:
  • uuid (string) – The channel for which the operators should be listed.

Query Parameters:
  • imgSize (string)

Response JSON Array of Objects:
  • id (long) – The user’s unique ID

  • handle (string) – The user’s handle

  • imageUrl (option[string]) – A URL pointing to the user’s image

  • isOwner (boolean) – True if the user is a channel owner

List channel owners

GET /channels/(string: uuid)/owners

Return a list of the owners for the specified channel.

Parameters:
  • uuid (string) – The channel for which the owners should be listed.

Query Parameters:
  • imgSize (string)

Response JSON Array of Objects:
  • id (long) – The user’s unique ID

  • handle (string) – The user’s handle

  • imageUrl (option[string]) – A URL pointing to the user’s image

  • isOwner (boolean) – True if the user is a channel owner

Remove operator role

DELETE /channels/(string: uuid)/operators/(number: userId)

Remove a user’s operator role. This action can only be performed by an owner or an operator.

Parameters:
  • uuid (string) – The channel in which the user’s operator role should be removed

  • userId (number) – The user whose operator role should be removed

Remove owner role

DELETE /channels/(string: uuid)/owners/(number: userId)

Remove a user’s owner status.

Parameters:
  • uuid (string) – The channel in which the user’s owner status should be removed

  • userId (number) – The user whose owner status should be removed

Set guest access

POST /channels/(string: uuid)/settings/guests/(string: state)

Allow or disallow guest access for a channel.

Parameters:
  • uuid (string) – The channel ID

  • state (string) – Can be one of enable/disable

Access Levels

Add access level to user

POST /acl/(number: userId)/level/(number: level)

Add an Access Level to the given user.

Parameters:
  • userId (number) – User to which level should be added

  • level (number) – ID of Access Level to add

Query Parameters:
  • for_client (string) – If specified, executes call in the context of the identified clientId, which must be a child account of calling user’s client. (Partner Admins only)

List available access levels

GET /acl/levels

List all Access Levels a user can operate with. Only levels from this list can be added or removed when managing Access Control Levels for other users in the company.

Query Parameters:
  • for_client (string) – If specified, executes call in the context of the identified clientId, which must be a child account of calling user’s client. (Partner Admins only)

Response JSON Array of Objects:
  • id (int) – Level identifier

  • name (string) – Name of level (for displaying purposes)

List own access levels

GET /acl/me/levels

List all Access Levels that the requesting user has.

Response JSON Array of Objects:
  • id (int) – Level identifier

  • name (string) – Name of level (for displaying purposes)

List user access levels

GET /acl/(number: userId)/levels

List all Access Levels for the given user.

Parameters:
  • userId (number) – User from which levels should be returned

Query Parameters:
  • for_client (string) – If specified, executes call in the context of the identified clientId, which must be a child account of calling user’s client. (Partner Admins only)

Response JSON Array of Objects:
  • id (int) – Level identifier

  • name (string) – Name of level (for displaying purposes)

Remove access level from user

DELETE /acl/(number: userId)/level/(number: level)

Remove an Access Level from a user.

Parameters:
  • userId (number) – User from which level should be removed

  • level (number) – ID of Access Level to remove

Query Parameters:
  • for_client (string) – If specified, executes call in the context of the identified clientId, which must be a child account of calling user’s client. (Partner Admins only)

API Tokens

API tokens grant broad access to the REST API within the context of a certain client ID. They have administrative-level power, and are intended only for careful use by custom extension code. API tokens should never be given to end-users or end-user browsers.

The methods described in this section support CRUD actions on API Tokens, with the caveat that read access to tokens is intentionally limited to token-creation time.

Create API token

POST /api_tokens

Create a new API token.

Query Parameters:
  • for_client (string) – If specified, executes call in the context of the identified clientId, which must be a child account of calling user’s client. (Partner Admins only)

Request JSON Object:
  • label (option[string]) – [Optional] label for token

Response JSON Object:
  • id (string) – Token Identifier

  • token (string) – Token used for authentication

  • expiresAt (option[long]) – When the token expires

  • label (option[string]) – Optional label for this API token

List API tokens

GET /api_tokens

List all API tokens for the given client context. Note that the actual tokens in this list are masked. The un-masked token is only shown during creation or during regeneration.

Query Parameters:
  • for_client (string) – If specified, executes call in the context of the identified clientId, which must be a child account of calling user’s client. (Partner Admins only)

Response JSON Array of Objects:
  • id (string) – Token Identifier

  • token (string) – Token used for authentication

  • expiresAt (option[long]) – When the token expires

  • label (option[string]) – Optional label for this API token

Regenerate API token

POST /api_tokens/(string: tokenId)/regenerate

Regenerate the specified API token. This will create (and return) a new authorization token, and remove the old token from the system.

Parameters:
  • tokenId (string) – Token Identifier

Query Parameters:
  • for_client (string) – If specified, executes call in the context of the identified clientId, which must be a child account of calling user’s client. (Partner Admins only)

Response JSON Object:
  • id (string) – Token Identifier

  • token (string) – Token used for authentication

  • expiresAt (option[long]) – When the token expires

  • label (option[string]) – Optional label for this API token

Remove API token

DELETE /api_tokens/(string: tokenId)

Removes the specified API token from the system. This operation is irreversible. Use with caution! Nothing will prevent you from deleting your last API token, or the API token you’re using to authenticate this call.

Parameters:
  • tokenId (string) – Token Identifier

Query Parameters:
  • for_client (string) – If specified, executes call in the context of the identified clientId, which must be a child account of calling user’s client. (Partner Admins only)
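
The regenerate and remove calls above leave two things to the caller: the un-masked token is returned only once, and nothing server-side stops you deleting the token you depend on. The following client-side guard is an added example, not Horn's own code; `send`, `store`, `in_use_id`, the sample IDs and the mask format are assumptions, and only the paths, the `for_client` parameter and the JSON field names come from this reference.

```python
from urllib.parse import quote, urlencode

class UnsafeTokenOperation(Exception):
    """The call would leave the caller without a usable API token."""

def token_path(token_id, suffix="", for_client=None):
    # Path and query names are from the reference; IDs are escaped, not trusted.
    path = "/api_tokens/" + quote(token_id, safe="") + suffix
    if for_client:
        path += "?" + urlencode({"for_client": for_client})
    return path

def safe_delete(send, listed, token_id, in_use_id, for_client=None):
    """Issue DELETE only if the token is neither in use nor the last one."""
    ids = {t["id"] for t in listed}  # listed: body of GET /api_tokens
    if token_id not in ids:
        raise UnsafeTokenOperation("unknown token id")
    if token_id == in_use_id:
        raise UnsafeTokenOperation("token authenticates this call")
    if len(ids) == 1:
        raise UnsafeTokenOperation("last remaining token")
    return send("DELETE", token_path(token_id, for_client=for_client))

def rotate(send, store, token_id, for_client=None):
    """Regenerate, persist the one-time secret, return loggable metadata."""
    body = send("POST", token_path(token_id, "/regenerate", for_client))
    store[body["id"]] = body["token"]  # only chance to read the secret
    return {k: v for k, v in body.items() if k != "token"}

# Constructed sample data; the mask format and ID values are assumptions.
SAMPLE_LIST = [
    {"id": "tok-a", "token": "********", "expiresAt": None, "label": "ci"},
    {"id": "tok-b", "token": "********", "expiresAt": None, "label": None},
]
SENT = []  # requests the stub transport has seen

def fake_send(method, path):
    """Stand-in for an authenticated HTTP client (hypothetical)."""
    SENT.append((method, path))
    if "/regenerate" in path:
        return {"id": "tok-a", "token": "constructed-secret",
                "expiresAt": None, "label": "ci"}
    return None
```

In real use `store` would be a secrets manager rather than a dict, and `in_use_id` is the `id` recorded when the calling token was created.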