Permissions-and-authorization

api endpoints and permission categories this document outlines the various api endpoints and their associated permission categories, providing a clear reference for understanding the access control within our system note in the early days we are going to describe these concepts as things like 'instance read' or 'instance write', we realize these are confusing any questions about what permissions are attributed to what actions should be asked via our support channels every api key has a list of permissions associated with it every user has the ability to create keys with restricted permissions on their own account users can also create restricted keys in team environments using the team centric endpoints creating custom roles accessing role management custom roles can be created and managed through the cli team roles can be managed on the 'manage' page by users with team read level access defining permissions when creating a custom role, anyone can select from a wide range of permissions, such as instance creation, billing access, monitoring, etc this allows for precise control over what each role can and cannot do assigning custom roles once a custom role is created, it can be assigned to team members through the team management interface important elements constraints constraints can be added at different levels to enforce certain parameters of the body to be specific values params you can use wildcards to represent placeholder values (useful if you want to generate many keys all doing similar operations) examples the following json would create a user that has access to the specified categories in this instance, someone with these permissions would be able to create an instance as well as access billing information { "api" { "misc" {}, "user read" {}, "instance read" {}, "instance write" {}, 	 "billing read" {}, 	 "billing write" {} } } the following json would create restricted access to only the presented categories in this example, someone with these permissions would be able to create an instance, but they would not be able to access billing information { "api" { "misc" {}, "user read" {}, "instance read" {}, "instance write" {} } } you can see a full list of permission types as well as the endpoints attached to that permission below permission categories instance read get instances https //docs vast ai/api/retrieve user instances request logs https //docs vast ai/api/request instance logs the following permissions would allow a user to read the instance logs of instance id 1227 only { "api" { "misc" {}, "user read" {}, "instance read" {}, "instance write" {}, "billing read" { "api instance request logs" { "constraints" { "id" { "eq" 1227 } } } } } } the following permissions would allow a user to read the instance logs of instance id from $1 to $2 apikeys using this feature have to be created using the cli call create api key https //docs vast ai/api/commands { "api" { "instance read" { "api instance request logs" { "constraints" { "id" { "lte" $1, "gte" $2 } } } } } } instance write { 	"api" { "instance write" {} } } create instances https //docs vast ai/api/launch an instance update instances https //docs vast ai/api/update user data destroy instances https //docs vast ai/api/destroy an instance reboot instances https //docs vast ai/api/reboot an instance execute command https //docs vast ai/api/execute remote command change bid price https //docs vast ai/api/change bid price user read { 	"api" { "user read" {} } } show user https //docs vast ai/api/retrieve current user information show ip addresses https //docs vast ai/api/retrieve ip address history get subaccount https //docs vast ai/api/retrieve subaccounts user write { 	"api" { "user write" {} } } create subaccount https //docs vast ai/api/create new user account or subaccount reset api key https //docs vast ai/api/reset api key billing read { 	"api" { "billing read" {} } } get machine earnings https //docs vast ai/api/retrieve earnings history get invoices https //docs vast ai/api/search and retrieve invoices billing write { 	"api" { "billing write" {} } } transfer credit https //docs vast ai/api/transfer credits to another user machine read { 	"api" { "machine read" {} } } get machines https //docs vast ai/api/retrieve a list of machines machine write { 	"api" { "machine write" {} } } set minimum bid https //docs vast ai/api/set minimum bid price for a machine set default job https //docs vast ai/api/set defjob remove default job https //docs vast ai/api/remove default job schedule maintenance https //docs vast ai/api/schedule maintenance list machine https //docs vast ai/api/list a machine for rent unlist machine https //docs vast ai/api/unlist a machine misc { 	"api" { "misc" {} } } copy data https //docs vast ai/api/initiate a remote copy operation cancel copy https //docs vast ai/api/cancel remote sync operation search gpus https //docs vast ai/api/search and filter gpu offers search gpus advanced https //docs vast ai/api/search and filter gpu offers team read { 	"api" { "team read" {} } } get team role https //docs vast ai/api/retrieve team role get team roles https //docs vast ai/api/retrieve team roles get team members https //docs vast ai/api/retrieve team members team write { 	"api" { "team write" {} } } create team https //docs vast ai/api/create a new team delete team https //docs vast ai/api/destroy team create team role https //docs vast ai/api/create a new team role update team role https //docs vast ai/api/update a team role delete team role https //docs vast ai/api/remove a team role invite team member https //docs vast ai/api/invite a new member to join a team%20copy delete team member https //docs vast ai/api/remove a team member