Marvia Developer Portal
DocsAPI ReferenceAbout
DocsAPI ReferenceAbout
  1. Docs
  • Getting Started
  • Authentication
  • Permissions
  • Filtering
  • Uploading Files
  • Using Marvia CDN
  • API Reference
    • Users
      • Get a user
      • Delete a user
      • Update a user
      • List
      • Create a new user
      • Get user locations
      • Update user locations
      • Get user groups
      • Update user groups
    • Products
      • List products
      • Get a product
      • Get product API module
      • Get product delivery module
      • Get product distribution module
      • Get product locations module
      • Get product files module
      • Get product stock module
      • Get product price module
      • Get product workflow module
      • Get product socials module
      • Get product internal comment module
      • Get product campaigns module
      • Get product permissions module
      • Get product reservations module
      • Get product template module
      • Get product form builder module
      • Get product variants module
    • Locations
      • Update a location
      • Get a location
      • Delete a location
      • List locations
      • Create a new location
    • Groups
      • Get a group
      • Update a group
      • Delete a group
      • List groups
      • Create a new group
    • Uploads
      • Initialize multipart upload
      • Complete multipart upload
    • Assets
      • List assets
      • Create a new asset
      • Get asset
      • Update an asset
      • Search assets
      • Get all meta tags
      • Get asset meta tags
      • Update asset meta tags
    • Posts
      • List posts
      • Get a post
  • Schemas
    • Schemas
      • LocationAddress
      • Location
      • Group
      • LocationLegal
      • nonEmptyString
      • LocationInvoice
      • Date
      • LocationContact
      • LocationMediaItem
      • HttpApiDecodeError
      • Issue
      • LocationCoordinates
      • PropertyKey
      • UnauthorizedError
      • LocationMedia
      • MissingPermissionsError
      • User
      • PartialLocation
      • InternalServerError
      • UserNotFoundError
      • UsernameNotUniqueError
      • TranslationSchema
      • EmailNotUniqueError
      • GroupItem
      • CategorySchema
      • TranslationLabelSchema
      • GetOneProduct
      • UpdateGroupsPayload
      • DefaultProduct
      • VariantParentProduct
      • VariantProduct
      • DateFromString
      • LocationNotFoundError
      • ProductNotFoundError
      • ProductApiModule
      • ModuleNotActiveError
      • ModuleIncompatibleWithProductTypeError
      • ProductDeliveryModule
      • DuplicateIdentifierError
      • ProductDistributionModule
      • GroupNotFoundError
      • ProductLocationsModule
      • DuplicateGroupNameError
      • ProductFilesModule
      • ProductStockModule
      • ProductPriceModule
      • UUID
      • ProductWorkflowModule
      • ProductSocialsModule
      • ProductInternalCommentModule
      • ProductCampaignsModule
      • ProductPermissionsModule
      • MetaTagCategoryDefinitionSchema
      • AssetNotFoundError
      • MetaTagDefinitionSchema
      • InvalidLocaleError
      • ProductReservationsModule
      • MetaTagOptionSchema
      • FileNotFoundError
      • ProductTemplateModule
      • ProductFormBuilderModule
      • AssetMetaTagsSchema
      • FormBuilderElement
      • MetaTagValidationError
      • ProductVariantsModule
      • PostNotFoundError
DocsAPI ReferenceAbout
DocsAPI ReferenceAbout
  1. Docs

Permissions

Marvia API uses permission-scoped API keys to securely control access to its features. Each API key can be assigned specific permissions for different entities (e.g., Locations, Users, Groups). These permissions determine which actions are allowed when using the key.

Why Permissions Matter#

Having granular permissions helps to:
Enforce the principle of least privilege
Protect sensitive operations like user management
Limit the damage if an API key is ever exposed
If an API request is made without the required permission, it will be denied with a clear error response. For example:
{
  "_tag": "MissingPermissionsError",
  "permissions": ["read:locations"] // The permissions that are missing
}

Permission Format#

Each permission follows the format: <action>:<entity>
Examples:
read:locations → Read Locations (List or Get details)
create:users → Create Users
update:groups → Update Groups
delete:locations → Delete Locations
API endpoints map to permissions based on their HTTP method:
HTTP MethodActionRequired Permission
GETRead dataread:<entity>
POSTCreate datacreate:<entity>
PUT/PATCHUpdate dataupdate:<entity>
DELETEDelete datadelete:<entity>

Example: List Locations#

Required Permission: read:locations

Editing Permissions#

To modify permissions for an existing key:
1.
Go to Settings → Connections → Marvia API
2.
Locate the relevant API key
3.
Click Edit
API Keys
4.
Add or remove permissions as needed
API Keys
5.
Save changes
6.
View permissions applied to confirm (optional)
API Keys
Modified at 2025-11-21 08:29:59
Previous
Authentication
Next
Filtering
Built with