App Permissions
API keys in Relay control what a client is allowed to do after it connects.
Permissions are defined per module. Each module has a set of actions that can be individually enabled or disabled for a given API key.
Permission Model
Relay permissions are organized by module. Each module supports a specific set of actions.
Across all modules, the listen action allows the client to receive real-time messages for that module. The remaining actions control standard CRUD and module-specific operations.
Modules and Actions
Telemetry
| Action | Description |
|---|---|
listen | Receive real-time telemetry data streams |
Commands
Commands has two sub-modules: RPC and Queue.
RPC
| Action | Description |
|---|---|
listen | Receive real-time RPC command messages |
call | Invoke RPC commands on devices |
Queue
| Action | Description |
|---|---|
call | Enqueue commands for later execution on devices |
Alerts
| Action | Description |
|---|---|
listen | Receive real-time alert notifications |
create | Create new alert rules |
update | Modify existing alert rules |
delete | Remove alert rules |
list | List all alert rules |
history | View past alert events |
Presence
| Action | Description |
|---|---|
listen | Receive real-time device presence updates |
Logical Groups
| Action | Description |
|---|---|
listen | Receive real-time updates for logical group changes |
create | Create new logical groups |
update | Modify existing logical groups |
delete | Remove logical groups |
list | List all logical groups and their respective devices |
Hierarchy Groups
| Action | Description |
|---|---|
listen | Receive real-time updates for hierarchy group changes |
create | Create new hierarchy groups |
update | Modify existing hierarchy groups |
delete | Remove hierarchy groups |
list | List all hierarchy groups and their respective devices |
Devices
| Action | Description |
|---|---|
create | Register new devices |
update | Modify existing devices |
delete | Remove devices |
list | List all devices |
Full Permission Reference
Here is the complete permission object with all modules and actions:
{
"telemetry": { "listen": true },
"commands": {
"rpc": { "listen": true, "call": true },
"queue": { "call": true }
},
"alerts": {
"listen": true,
"create": true,
"update": true,
"delete": true,
"list": true,
"history": true
},
"presence": { "listen": true },
"logical_group": {
"listen": true,
"create": true,
"update": true,
"delete": true,
"list": true
},
"heirarchy_group": {
"listen": true,
"create": true,
"update": true,
"delete": true,
"list": true
},
"devices": {
"create": true,
"update": true,
"delete": true,
"list": true
}
}
Set any action to false (or omit it) to deny that permission for the API key.
Where Permissions Are Configured
To edit permissions:
- Open the Developer Console
- Select App from the left-hand menu
- Select the app you want to modify
- Edit the permissions for each module
You will have to reconnect to the server after the change is made for it to reflect.
Common Mistakes
- Trying to edit permissions while a key is enabled
- Forgetting to enable
listenwhen you need real-time updates for a module - Enabling
deleteon devices or groups without understanding the impact - Assuming
listimplieslisten— they are independent actions