api.*) guard every REST endpoint in PropOps. When a user calls an API route, the system checks that their role includes the required api.* key before processing the request. There are 402 keys across 20 namespaces.
Parent keys (e.g.
api.admin.activity_log) act as category toggles — enabling or disabling the parent key controls visibility of the entire sub-group. The child keys (e.g. api.admin.activity_log.view) control the specific action.api.admin.* — Administration
Controls access to system administration endpoints — branch management, settings, security reports, cleanup tools, and more.
| Permission Key | Description |
|---|---|
api.admin.activity_log | Activity log category |
api.admin.activity_log.view | View the activity log |
api.admin.api_discovery | API discovery category |
api.admin.api_discovery.manage | Manage API discovery tools |
api.admin.api_permissions | API permissions category |
api.admin.api_permissions.manage | Manage API permission assignments |
api.admin.api_usage_stats | API usage stats category |
api.admin.api_usage_stats.manage | View/manage API usage statistics |
api.admin.branches | Branch management category |
api.admin.branches.bulk_assign_logo | Bulk-assign logos to branches |
api.admin.branches.bulk_delete | Bulk-delete branches |
api.admin.branches.bulk_disable | Bulk-disable branches |
api.admin.branches.bulk_import | Bulk-import branches from CSV |
api.admin.branches.download_template | Download branch import template |
api.admin.branches.view | View branch list |
api.admin.cleanup_test_data | Test data cleanup category |
api.admin.cleanup_test_data.manage | Run test data cleanup |
api.admin.disable_branch | Disable branch category |
api.admin.disable_branch.manage | Disable individual branch |
api.admin.document-types | Document types category |
api.admin.document-types.manage | Manage document type definitions |
api.admin.documents | Admin documents category |
api.admin.documents.manage | Manage admin-level documents |
api.admin.email_logs | Email logs category |
api.admin.email_logs.manage | View and manage email logs |
api.admin.enable_branch | Enable branch category |
api.admin.enable_branch.manage | Enable individual branch |
api.admin.generate_test_jobs | Test job generation category |
api.admin.generate_test_jobs.manage | Generate test job data |
api.admin.job-documents.regenerate-thumbnails | Regenerate job document thumbnails |
api.admin.job_documents | Job documents category |
api.admin.job_documents.list | List job documents |
api.admin.job_documents.stats | View job document statistics |
api.admin.job_documents.view | View job documents (admin) |
api.admin.job_tags | Job tags category |
api.admin.job_tags.priorities | View job tag priorities (list) |
api.admin.job_tags.priority | View individual job tag priority |
api.admin.job_tags.status | View individual job tag status |
api.admin.job_tags.statuses | View job tag statuses (list) |
api.admin.job_tags.title | View individual job tag title |
api.admin.job_tags.titles | View job tag titles (list) |
api.admin.job_tags.type | View individual job tag type |
api.admin.job_tags.types | View job tag types (list) |
api.admin.job_tags.view | View job tags |
api.admin.orphaned_file | Orphaned file category |
api.admin.orphaned_file.manage | Manage orphaned files |
api.admin.orphaned_files | Orphaned files (bulk) category |
api.admin.orphaned_files.manage | Bulk manage orphaned files |
api.admin.password_breach_status | Password breach status category |
api.admin.password_breach_status.manage | View password breach status |
api.admin.permissions | Permissions category |
api.admin.permissions.api_locations | Permission API locations category |
api.admin.permissions.api_locations.view | View permission API locations |
api.admin.permissions.category | Permission categories category |
api.admin.permissions.category.view | View permission categories |
api.admin.permissions.search | Search permissions |
api.admin.permissions.update | Update permission assignments |
api.admin.permissions.view | View all permissions |
api.admin.permissions_dropdown | Permissions dropdown category |
api.admin.permissions_dropdown.view | View permissions dropdown |
api.admin.rate_limiting | Access rate-limiting settings |
api.admin.resend_email | Resend email category |
api.admin.resend_email.manage | Resend failed emails |
api.admin.roles | Roles category |
api.admin.roles.manage | Manage staff roles |
api.admin.scan_user_password | Scan user password category |
api.admin.scan_user_password.manage | Scan user passwords for breaches |
api.admin.security_report | Security report category |
api.admin.security_report.manage | Generate security reports |
api.admin.settings.api_action_types | API action types category |
api.admin.settings.api_action_types.create | Create API action types |
api.admin.settings.api_action_types.list | List API action types |
api.admin.settings.api_action_types.manage | Manage API action types |
api.admin.settings.api_action_types.stats | View API action type statistics |
api.admin.settings.api_action_types.toggle_active | Toggle API action type active state |
api.admin.settings.api_action_types.update | Update API action types |
api.admin.settings.configuration.delete_group | Delete settings group category |
api.admin.settings.configuration.delete_group.manage | Delete settings groups |
api.admin.settings.configuration.save_group | Save settings group category |
api.admin.settings.configuration.save_group.manage | Save settings groups |
api.admin.settings.configuration.save_page | Save settings page category |
api.admin.settings.configuration.save_page.manage | Save settings pages |
api.admin.settings_stats | Settings stats category |
api.admin.settings_stats.manage | View settings statistics |
api.admin.sync_background_registry | Background registry category |
api.admin.sync_background_registry.manage | Sync background task registry |
api.admin.test_data_stats | Test data stats category |
api.admin.test_data_stats.manage | View test data statistics |
api.admin.user_management_policy | User management policy category |
api.admin.user_management_policy.manage | Manage user management policies |
api.agents.* — Agent Operations
Controls agent-level operations — branch assignments, SLA management, logo uploads, and contractor document thumbnails.
| Permission Key | Description |
|---|---|
api.agents.branches | Agent branches category |
api.agents.branches.assign_agent | Assign agent to branch |
api.agents.branches.bulk_update_coordinates | Bulk-update branch coordinates |
api.agents.branches.create_branch | Create branch |
api.agents.branches.delete_branch | Delete branch |
api.agents.branches.disable_webhook_token | Disable branch webhook token |
api.agents.branches.get_account_types | Get branch account types |
api.agents.branches.get_agent_branches | Get branches for agent |
api.agents.branches.get_branch | Get individual branch |
api.agents.branches.get_branches | Get all branches |
api.agents.branches.get_branch_agents | Get agents for branch |
api.agents.branches.manage | Full branch management |
api.agents.branches.regenerate_webhook_token | Regenerate branch webhook token |
api.agents.branches.unassign_agent | Unassign agent from branch |
api.agents.branches.update_branch | Update branch details |
api.agents.branch_jobs | Branch jobs category |
api.agents.branch_jobs.manage | Manage jobs within assigned branch |
api.agents.branch_logo | Branch logo category |
api.agents.branch_logo.manage | Manage branch logo |
api.agents.branch_profile_popover | Branch profile popover category |
api.agents.branch_profile_popover.manage | View branch profile popover |
api.agents.branch_sharing | Share branches across workspaces |
api.agents.branch_sla | Branch SLA category |
api.agents.branch_sla.download | Download branch SLA |
api.agents.branch_sla.manage | Manage branch SLA settings |
api.agents.branch_sla.upload | Upload SLA documents |
api.agents.branch_sla_response_times | SLA response times category |
api.agents.branch_sla_response_times.manage | Manage SLA response time targets |
api.agents.document_thumbnail | Document thumbnail category |
api.agents.document_thumbnail.manage | Manage document thumbnails |
api.agents.list | Agent list category |
api.agents.list.list | List agent accounts |
api.agents.list.manage | Manage agent accounts |
api.analytics.* — Analytics & Insights
Controls access to analytics dashboards, AI analysis, chat history, and page tracking.
| Permission Key | Description |
|---|---|
api.analytics.ai_analysis | Run AI job analysis |
api.analytics.branch_performance | View branch performance analytics |
api.analytics.chat_messages | View AI chat messages |
api.analytics.chat_sessions | View AI chat sessions |
api.analytics.filtered_activity | Filtered activity category |
api.analytics.filtered_activity.view | View filtered activity stream |
api.analytics.gemini_usage | View Gemini API usage stats |
api.analytics.job_health_check | Run job health check analytics |
api.analytics.page_tracking | Page tracking category |
api.analytics.page_tracking.view | View page tracking data |
api.analytics.recent_activity | Recent activity category |
api.analytics.recent_activity.manage | Manage recent activity feed |
api.analytics.simple_page_tracking | Simple page tracking category |
api.analytics.simple_page_tracking.manage | Manage simple page tracking |
api.calendar.* — Calendar
| Permission Key | Description |
|---|---|
api.calendar.jobs.read | View jobs on calendar |
api.calendar.weather.read | View weather data on calendar |
api.contractors.* — Contractors
Controls contractor management — listings, maintenance trades, and certifications.
| Permission Key | Description |
|---|---|
api.contractors.certification | Certification category |
api.contractors.certification.manage | Manage contractor certifications |
api.contractors.list | Contractor list category |
api.contractors.list-with-coverage | Contractors with coverage category |
api.contractors.list-with-coverage.view | View contractors with coverage areas |
api.contractors.list.list | List contractor accounts |
api.contractors.list.manage | Manage contractor accounts |
api.contractors.trades | Trades category |
api.contractors.trades.manage | Manage contractor trade categories |
api.dashboard.* — Dashboard Widgets
Controls visibility of individual dashboard widgets, chiplets, and charts.
| Permission Key | Description |
|---|---|
api.dashboard.batch.read | Batch-read dashboard data |
api.dashboard.booked_today.read | Booked today chiplet |
api.dashboard.charts | Charts category |
api.dashboard.charts.manage | Show/manage dashboard charts |
api.dashboard.chiplets | Meta-permission — expands into sub-chiplet permissions |
api.dashboard.completed_jobs.read | Completed jobs widget |
api.dashboard.incomplete_onboarding.read | Incomplete onboarding chiplet |
api.dashboard.jobs_by_type.read | Jobs by type chart |
api.dashboard.missing_certs.read | Missing certificates chiplet |
api.dashboard.new_jobs.read | New jobs widget |
api.dashboard.no_contractor.read | No contractor assigned widget |
api.dashboard.overdue_quotes.read | Overdue quotes widget |
api.dashboard.pinned_jobs.read | Pinned jobs widget |
api.dashboard.recall.read | Recall jobs widget |
api.dashboard.secops_chiplets.read | Security operations chiplets |
api.dashboard.stats | Dashboard stats category |
api.dashboard.stats.manage | Dashboard KPI stats |
api.dashboard.update_job | Update job category |
api.dashboard.update_job.manage | Update job from dashboard |
api.email.* — Email
| Permission Key | Description |
|---|---|
api.email.send | Send email category |
api.email.send.manage | Send emails |
api.email.templates | Email templates category |
api.email.templates.view | View email templates |
api.email.verify | Email verification category |
api.email.verify.view | Email verification |
api.email.welcome | Welcome email category |
api.email.welcome.manage | Manage welcome emails |
api.feedback.* — Feedback
| Permission Key | Description |
|---|---|
api.feedback | Feedback category |
api.feedback.manage | Manage feedback submissions |
api.feedback.submissions | View feedback submissions |
api.financial.* — Financial
| Permission Key | Description |
|---|---|
api.financial.invoices | Invoices category |
api.financial.invoices.manage | Manage invoices and bulk payment notifications |
api.help.* — Help & Documentation
| Permission Key | Description |
|---|---|
api.help.page_help.read | View contextual help sheet |
api.help.read | Access help API endpoint |
api.jobs.* — Jobs Management
The largest API namespace. Controls all job CRUD, case notes, photos, documents, statuses, types, and more.
| Permission Key | Description |
|---|---|
api.jobs.addresses | Job addresses category |
api.jobs.addresses.create | Create job address |
api.jobs.addresses.list | List job addresses |
api.jobs.addresses.search | Search job addresses |
api.jobs.addresses.view | View job addresses |
api.jobs.amendable_fields | Amendable fields category |
api.jobs.amendable_fields.manage | Configure which fields accept amendments |
api.jobs.amend_request | Amendment request category |
api.jobs.amend_request.manage | Manage amendment requests |
api.jobs.amend_request.read | View amendment requests |
api.jobs.case_notes | Case notes category |
api.jobs.case_notes.create | Create case notes |
api.jobs.case_notes.list | List case notes |
api.jobs.case_notes.manage | Full case notes management |
api.jobs.case_notes.pin | Pin case notes |
api.jobs.case_notes.resend | Resend case note notifications |
api.jobs.case_notes.unpin | Unpin case notes |
api.jobs.case_notes.update | Update case notes |
api.jobs.case_note_attachments | Case note attachments category |
api.jobs.case_note_attachments.manage | Manage case note attachments |
api.jobs.case_note_email_helper | Case note email helper category |
api.jobs.case_note_email_helper.manage | Send case notes via email |
api.jobs.documents | Job documents category |
api.jobs.documents.agent | Agent job documents |
api.jobs.documents.contractor | Contractor job documents |
api.jobs.documents.manage | Manage job documents |
api.jobs.documents.private_client | Private client job documents |
api.jobs.documents.view | View job documents |
api.jobs.edit | Edit job (legacy) |
api.jobs.manage | Job management category |
api.jobs.manage.create | Create new job |
api.jobs.manage.created_by | Check if user created the job |
api.jobs.manage.get | Get individual job details |
api.jobs.manage.get_agents | Get agents for job assignment |
api.jobs.manage.get_assignment_notification_state | Get assignment notification state |
api.jobs.manage.get_clients | Get clients for job association |
api.jobs.manage.get_contractors | Get contractors for job assignment |
api.jobs.manage.get_creators | Get job creators |
api.jobs.manage.get_file_types | Get file types for job |
api.jobs.manage.get_job_agents | Get agents on a job |
api.jobs.manage.get_job_clients | Get clients on a job |
api.jobs.manage.get_job_contractors | Get contractors on a job |
api.jobs.manage.list | List all jobs |
api.jobs.manage.list_commits | List job commits |
api.jobs.manage.manage | Full job CRUD |
api.jobs.manage.preview_delete | Preview job deletion |
api.jobs.manage.restore_archived_file | Restore archived file |
api.jobs.manage.restore_commit | Restore job commit |
api.jobs.manage.send_assignment_notification | Send assignment notification |
api.jobs.manage.update | Update job |
api.jobs.mark_recall_completed | Mark recall completed category |
api.jobs.mark_recall_completed.manage | Mark recall as completed |
api.jobs.payment_statuses | Payment statuses category |
api.jobs.payment_statuses.list | List payment statuses |
api.jobs.payment_statuses.manage | Manage payment statuses |
api.jobs.photos | Job photos category |
api.jobs.photos.agent | Agent job photos |
api.jobs.photos.contractor | Contractor job photos |
api.jobs.photos.delete | Delete job photos |
api.jobs.photos.manage | Manage job photos |
api.jobs.photos.private_client | Private client job photos |
api.jobs.photos.upload | Upload job photos |
api.jobs.photos.view | View job photos |
api.jobs.priorities | Job priorities category |
api.jobs.priorities.list | List job priorities |
api.jobs.priorities.manage | Manage job priorities |
api.jobs.recall | Job recall category |
api.jobs.recall.manage | Manage job recalls |
api.jobs.remedials | Remedials category |
api.jobs.remedials.link | Link remedial job |
api.jobs.remedials.list | List remedial jobs |
api.jobs.remedials.manage | Manage remedial jobs |
api.jobs.remedials.unlink | Unlink remedial job |
api.jobs.statuses | Job statuses category |
api.jobs.statuses.list | List job statuses |
api.jobs.statuses.manage | Manage job statuses |
api.jobs.time_ranges | Time ranges category |
api.jobs.time_ranges.list | List time ranges |
api.jobs.time_ranges.manage | Manage time ranges |
api.jobs.toggle_pin | Toggle pin category |
api.jobs.toggle_pin.manage | Pin/unpin jobs |
api.jobs.types | Job types category |
api.jobs.types.list | List job types |
api.jobs.types.manage | Manage job types |
api.search.* — Search
| Permission Key | Description |
|---|---|
api.search.global | Global search category |
api.search.global.manage | Global search API |
api.security.* — Security
Controls security features — file integrity, session management, CSRF, password breach scanning, and alerts.
| Permission Key | Description |
|---|---|
api.security.bulk_delete_alerts | Bulk delete alerts category |
api.security.bulk_delete_alerts.manage | Bulk-delete security alerts |
api.security.bulk_resolve_alerts | Bulk resolve alerts category |
api.security.bulk_resolve_alerts.manage | Bulk-resolve security alerts |
api.security.csrf_token | CSRF token category |
api.security.csrf_token.view | CSRF token endpoint |
api.security.delete_alert | Delete alert category |
api.security.delete_alert.create | Delete individual alert |
api.security.file_diff | File diff category |
api.security.file_diff.view | View file diffs |
api.security.file_integrity_alerts | File integrity alerts category |
api.security.file_integrity_alerts.manage | Manage file integrity alerts |
api.security.file_integrity_progress | File integrity progress category |
api.security.file_integrity_progress.manage | View integrity check progress |
api.security.password_breach_check | Password breach check category |
api.security.password_breach_check.manage | Check passwords against breach databases |
api.security.resolve_alert | Resolve alert category |
api.security.resolve_alert.manage | Resolve individual alert |
api.security.run_integrity_check | Run integrity check category |
api.security.run_integrity_check.manage | Run file integrity check |
api.security.sessions | Sessions category |
api.security.sessions.add_to_blacklist | Add to session blacklist (legacy) |
api.security.sessions.blacklist_add | Add to session blacklist |
api.security.sessions.blacklist_list | List session blacklist |
api.security.sessions.blacklist_remove | Remove from session blacklist |
api.security.sessions.get_active_sessions | Get active sessions (legacy) |
api.security.sessions.list | List active sessions |
api.security.sessions.manage | Manage sessions |
api.security.sessions.remove_from_blacklist | Remove from blacklist (legacy) |
api.security.sessions.terminate | Terminate user sessions |
api.security.sessions.terminate_session | Terminate individual session (legacy) |
api.services.* — Services
| Permission Key | Description |
|---|---|
api.services.pricing | Service pricing category |
api.services.pricing.add_service_pricing | Add service pricing |
api.services.pricing.get_job_type_pricing | Get job type pricing |
api.services.pricing.get_service_pricing | Get service pricing |
api.services.pricing.manage | Manage service pricing |
api.services.pricing.remove_service_pricing | Remove service pricing |
api.services.pricing.update_service_pricing | Update service pricing |
api.sla.* — SLA
| Permission Key | Description |
|---|---|
api.sla.breached_jobs.read | View SLA-breached jobs |
api.system.* — System
Controls core system operations — heartbeat, logs, maintenance mode, notices, notifications, and push messaging.
| Permission Key | Description |
|---|---|
api.system.attachment | Attachment category |
api.system.attachment.view | View attachments |
api.system.heartbeat | Heartbeat category |
api.system.heartbeat.manage | Heartbeat / keep-alive |
api.system.ios_notifications | iOS device token registration |
api.system.logs.clear | Clear system logs |
api.system.logs.list | List system logs |
api.system.logs.read | Read system logs |
api.system.maintenance_mode | Maintenance mode category |
api.system.maintenance_mode.manage | Toggle maintenance mode |
api.system.maintenance_mode.read | Check maintenance mode status |
api.system.notices | Notices category |
api.system.notices.dashboard | Dashboard notices |
api.system.notices.list | List notices |
api.system.notices.login | Login page notices |
api.system.notices.manage | Manage system notices |
api.system.notifications | Notifications category |
api.system.notifications.manage | Manage system notifications |
api.system.search | System search category |
api.system.search.manage | System search |
api.system.settings | System settings category |
api.system.settings.activate | Activate user |
api.system.settings.bulk_action | Bulk user actions |
api.system.settings.deactivate | Deactivate user |
api.system.settings.delete_user | Delete user |
api.system.settings.get_users | Get users list |
api.system.settings.logout_user | Force-logout user |
api.system.settings.manage | Manage system settings |
api.system.settings.toggle_status | Toggle user status |
api.system.settings.update_user | Update user details |
api.system.status | System status category |
api.system.status.manage | System status endpoint |
api.system.web_push_test.send | Test web push notifications |
api.tenants.* — Tenants
| Permission Key | Description |
|---|---|
api.tenants.assign_address | Assign address category |
api.tenants.assign_address.manage | Assign address to tenant |
api.tenants.gdpr_report | GDPR report category |
api.tenants.gdpr_report.download | Download GDPR data report |
api.tenants.gdpr_report.generate | Generate GDPR data report |
api.tenants.gdpr_report.list | List GDPR data reports |
api.tenants.gdpr_report.view | View GDPR data report |
api.tenants.list | Tenant list category |
api.tenants.list.create | Create tenant |
api.tenants.list.list | List tenants |
api.tenants.list.manage | Manage tenants |
api.tenants.manage | Tenant management category |
api.tenants.manage.bulk_delete | Bulk-delete tenants |
api.tenants.manage.create | Create tenant (management) |
api.tenants.manage.list | List tenants (management) |
api.tenants.manage.manage | Full tenant CRUD |
api.tenants.manage.update | Update tenant |
api.users.* — Users & Staff
| Permission Key | Description |
|---|---|
api.users.appearance | Appearance category |
api.users.appearance.manage | Manage user appearance / theme |
api.users.avatar | Avatar category |
api.users.avatar.manage | Manage user avatar |
api.users.edit | Edit user (legacy) |
api.users.email_verification | Email verification category |
api.users.email_verification.view | Email verification status |
api.users.logout_user | Force logout category |
api.users.logout_user.manage | Force-logout a user |
api.users.notification_settings | Notification settings category |
api.users.notification_settings.manage | Manage notification preferences |
api.users.password_reset | Password reset category |
api.users.password_reset.manage | Password reset management |
api.users.permissions | User permissions category |
api.users.permissions.view | View user permissions |
api.users.users | Users category |
api.users.users.add_to_blacklist | Add user to blacklist |
api.users.users.bulk_update | Bulk update users |
api.users.users.complete_onboarding | Complete user onboarding |
api.users.users.create_user | Create user |
api.users.users.delete_user | Delete user |
api.users.users.get_account_statuses | Get account statuses |
api.users.users.get_account_types | Get account types |
api.users.users.get_active_sessions | Get user active sessions |
api.users.users.get_all_users | Get all users |
api.users.users.get_audit_log | Get user audit log |
api.users.users.get_password_breach_status | Get password breach status |
api.users.users.logout_user | Force-logout user |
api.users.users.manage | Core user management |
api.users.users.manage_roles | Manage user role assignments |
api.users.users.remove_from_blacklist | Remove user from blacklist |
api.users.users.reset_onboarding_limit | Reset onboarding limit |
api.users.users.scan_user_password | Scan user password for breaches |
api.users.users.search | Search users |
api.users.users.terminate_session | Terminate user session |
api.users.users.toggle_status | Toggle user status |
api.users.users.update_role | Update user role |
api.users.user_avatar.read | Read user avatar |
api.users.user_profile_popover | User profile popover category |
api.users.user_profile_popover.manage | User profile popover |
api.users.user_status | User status category |
api.users.user_status.view | Dashboard logged-in users widget |
api.whatsapp.* — WhatsApp
| Permission Key | Description |
|---|---|
api.whatsapp.send | Send WhatsApp messages and get options |
notifications.* — Notification Targeting
These keys are stored in the api_permissions table but control notification routing rather than API access.
| Permission Key | Description |
|---|---|
notifications.admin.deployments.notify | Receive deployment notifications |
notifications.admin.security.guard_access.notify | Receive security guard access alerts |