feat(tokens): add API token scoping (workspace and permission sets) #90

@martsokha

Description

Context

API tokens currently inherit the account's full permissions. Programmatic integrations should follow the principle of least privilege.

Requirements

  • Each API token can be scoped to specific workspaces
  • Each API token can be scoped to a subset of permissions
  • A scoped token can only access resources within its designated workspaces and can only perform operations allowed by its permission set
  • Token creation validates that requested scopes are a subset of the account's actual permissions
  • Existing unscoped tokens continue to work (backwards compatible)
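As an added illustration of the requirements above (example code written for this issue, not code from the nvisy project, whose implementation language and API are not assumed here), the two checks the feature needs are the creation-time subset validation and the request-time authorization decision. Workspace ids, permission strings and function names are constructed sample values; `None` stands in for a legacy unscoped token.

```python
"""Workspace- and permission-scoped API tokens (illustrative Python; not the
project's code). Workspace ids, permission strings and function names below are
constructed sample values."""
from dataclasses import dataclass
from typing import FrozenSet, Optional

# Constructed sample: what the token-creating account is actually allowed to do.
ACCOUNT_WORKSPACES = frozenset({"ws-alpha", "ws-beta"})
ACCOUNT_PERMISSIONS = frozenset({"documents:read", "documents:write", "members:read"})


class ScopeError(ValueError):
    """Requested scope is not a subset of the account's own permissions."""


@dataclass(frozen=True)
class ApiToken:
    # None means "unscoped": the legacy behaviour of inheriting the account's
    # full workspace list / permission set, kept for backwards compatibility.
    workspaces: Optional[FrozenSet[str]] = None
    permissions: Optional[FrozenSet[str]] = None


def scope_violations(account_workspaces, account_permissions, workspaces, permissions):
    """Return the requested scope entries the account does not itself hold.

    An empty result means the requested scope is a valid subset.
    """
    bad_workspaces = frozenset(workspaces or ()) - account_workspaces
    bad_permissions = frozenset(permissions or ()) - account_permissions
    return bad_workspaces | bad_permissions


def create_token(account_workspaces, account_permissions, workspaces=None, permissions=None):
    """Mint a token, rejecting any scope that would exceed the account."""
    violations = scope_violations(account_workspaces, account_permissions,
                                  workspaces, permissions)
    if violations:
        raise ScopeError(f"scope exceeds account permissions: {sorted(violations)}")
    return ApiToken(
        workspaces=None if workspaces is None else frozenset(workspaces),
        permissions=None if permissions is None else frozenset(permissions),
    )


def authorize(token, account_workspaces, account_permissions, workspace, permission):
    """Decide whether `token` may perform `permission` inside `workspace`.

    The account's *current* permissions are checked on every request, not only
    at creation time, so a token never outlives a permission the account lost.
    The token's own scope is then applied as a further restriction; an unscoped
    (legacy) token simply inherits the account's permissions as before.
    """
    if workspace not in account_workspaces or permission not in account_permissions:
        return False
    if token.workspaces is not None and workspace not in token.workspaces:
        return False
    if token.permissions is not None and permission not in token.permissions:
        return False
    return True


if __name__ == "__main__":
    ci = create_token(ACCOUNT_WORKSPACES, ACCOUNT_PERMISSIONS,
                      workspaces={"ws-alpha"}, permissions={"documents:read"})
    print(authorize(ci, ACCOUNT_WORKSPACES, ACCOUNT_PERMISSIONS, "ws-alpha", "documents:read"))  # True
    print(authorize(ci, ACCOUNT_WORKSPACES, ACCOUNT_PERMISSIONS, "ws-beta", "documents:read"))   # False
```

The design point worth keeping in the real implementation is that `authorize` re-checks the account's live permissions as well as the token's scope: the subset check at creation time proves the scope was valid then, but if the account later loses a permission or a workspace, both scoped and legacy unscoped tokens should lose it too rather than retaining a snapshot.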

References


Labels

  • feat: request for or implementation of a new feature
  • postgres: nvisy-postgres (ORM, models, queries, migrations)
  • server: nvisy-server (API handlers, middleware, auth)
