> ## Documentation Index
> Fetch the complete documentation index at: https://docs.dfns.co/llms.txt
> Use this file to discover all available pages before exploring further.
# Roles and permissions
> How Dfns roles, permissions, and assignments control which users and service accounts can perform which actions in your organization.
export const Delete = props => {
return
DEL
{props.children}
;
};
export const Get = props => {
return
GET
{props.children}
;
};
export const Put = props => {
return
PUT
{props.children}
;
};
export const Post = props => {
return
POST
{props.children}
;
};
Roles enable you to control access to the platform on a granular basis (following the [principle of least privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege)). As an example, if you have an employee who needs to initiate payments, but shouldn't be able to manipulate policies, you can create a role for that.
Start by [creating a role](/api-reference/permissions/create-permission), selecting which permissions to include, and [assigning it](/api-reference/permissions/assign-permission) to a user.
## Terminology
* **Role**: a role is a named collection of permissions that can be assigned to users or service accounts. When assigned, a role allows the user to perform those actions in the platform. Each role has a unique name and ID. A role can be assigned to one or multiple users, depending on what you need.
* **Permission**: a permission grants access to one action in the API (e.g. `Wallets:Create`). There is a fixed list of permissions ([see below](#list-of-permissions)) that you can include in roles. Every API endpoint requires one or more permissions to use it.
* **Assignment**: the act of granting a role to a user or service account. A role can be assigned (aka "granted") or unassigned (aka "revoked").
In the API, roles are called "permissions" and permissions are called "operations". When you see `POST /permissions` in the API reference, it means "create a role". The dashboard uses the more intuitive terminology.
## Dfns-managed roles
When your Dfns organization is created, some roles already exist in it. They are special: some of them are automatically assigned, and some of them are immutable (cannot be updated or archived).
### **`ManagedFullAdminAccess`**
This role is automatically assigned to the first user of the organization. It includes all existing (and future) permissions available in the Dfns API. It's immutable, so you cannot update it or archive it. You can only assign it or revoke it.
### **`ManagedDefaultEndUserAccess`**
This role **is assigned by default to any new EndUser** in your organization, and comes with an initial set of permissions (which you can update at any time) allowing any `EndUser` to use the wallet delegated to them by default.
Regardless of roles, an `EndUser` can only access wallets delegated to them. This role does not allow end-users to access your organization's wallets. See [Wallet Visibility](#wallet-visibility) below.
This role is meant to facilitate end-user access management. Since all your end users have this role assigned by default, you don't necessarily need to explicitly grant them other roles to allow them to use their wallets, and you only need to modify this one role to affect all your end users at once.
This role is not immutable, and you can still modify it or revoke it.
## User types
Dfns supports three types of identities, each designed for different use cases:
| Type | Description | Typical use |
| ------------------ | ------------------ | ------------------------------------------------ |
| `CustomerEmployee` | Your team members | Dashboard access, wallet management |
| `EndUser` | Your end customers | Delegated wallets (user holds signing authority) |
| Service Account | Machine identity | Automation, server-to-server API calls |
### Comparison matrix
| Capability | CustomerEmployee | EndUser | Service Account |
| -------------------- | -------------------- | ------------------------------------------------------------------------------------- | ----------------------------------------------------------------- |
| Wallet visibility | All org wallets | Only delegated wallets | All org wallets |
| Dashboard access | Yes | No | No |
| Policy coverage | Yes | No (bypassed) | Yes |
| Can hold credentials | Yes (passkeys, keys) | Yes (passkeys, keys) | Yes (keys only) |
| Created via | Dashboard or API | [Delegated registration](/api-reference/auth/create-delegated-registration-challenge) | [Service Account API](/api-reference/auth/create-service-account) |
## Wallet visibility
The wallets a user can see depends on their user type:
| User Type | Wallet Visibility |
| ------------------ | ------------------------------- |
| `CustomerEmployee` | All wallets in the organization |
| `EndUser` | Only wallets delegated to them |
| Service Account | All wallets in the organization |
**CustomerEmployee** users are your team members who access the Dfns dashboard and manage wallets on behalf of your organization. When granted `Wallets:Read`, they can see all org-managed wallets. This enables shared visibility across your team for operational purposes.
**EndUser** accounts are for your end customers using [delegated wallets](/advanced/delegated-wallets). Each EndUser can only access wallets that have been delegated to them - they cannot see other users' wallets or your organization's wallets. This isolation is enforced at the platform level, regardless of permissions.
**Service Accounts** are machine identities for server-to-server API calls. They can access all organization wallets (when granted appropriate permissions) and are commonly used for automation workflows.
Delegated wallets strictly belong to the EndUser they are delegated to. No one else in the organization can access or manage them - this includes policies, which do not apply to delegated wallets. Only the EndUser can sign transactions for their wallets.
**Need per-user wallet isolation?** `CustomerEmployee` users always see all organization wallets. This cannot be restricted with permissions. Two approaches:
* **Delegated wallets:** Use `EndUser` accounts with [delegated wallets](/guides/developers/delegated-wallets). Each user can only access wallets delegated to them. Isolation is enforced at the platform level.
* **Proxy through your backend:** Manage all Dfns wallets via a [service account](/guides/developers/service-account), and handle user-to-wallet mapping in your own backend. Your app controls which wallets each user sees, without registering users in Dfns.
## Role assignment
To assign roles to users, you need the `Permissions:Assign` permission. You can also create [policies](/core-concepts/policies) on `Permissions:Assign` activity to require approval for role changes.
## List of permissions
### Agreements
API permission: `Agreements:Acceptance:Create`
* Record agreement acceptance (/agreements/\{agreementId}/accept – [doc](/api-reference/agreements/record-agreement-acceptance))
API permission: `Agreements:Acceptance:Read`
* Get latest unaccepted agreement (/agreements/latest-unaccepted – [doc](/api-reference/agreements/get-latest-unaccepted-agreement))
### Allocations
API permission: `Allocations:Create`
* Create allocation (/allocations – [doc](/api-reference/allocations/create-allocation))
API permission: `Allocations:Read`
* List allocations (/allocations – [doc](/api-reference/allocations/list-allocations))
* List allocation actions (/allocations/\{allocationId}/actions – [doc](/api-reference/allocations/list-allocation-actions))
* Get allocation (/allocations/\{allocationId} – [doc](/api-reference/allocations/get-allocation))
API permission: `Allocations:Update`
* Create allocation action (/allocations/\{allocationId}/actions – [doc](/api-reference/allocations/create-allocation-action))
### Analytics
*Dashboard only — no public API endpoint.*
### Authentication
API permission: `Auth:Login:Delegated`
* Delegated login (/auth/login/delegated – [doc](/api-reference/auth/delegated-login))
API permission: `Auth:Logs:Read`
* List audit logs (/auth/action/logs – [doc](/api-reference/auth/list-audit-logs))
* Get audit log (/auth/action/logs/\{id} – [doc](/api-reference/auth/get-audit-log))
API permission: `Auth:Pats:Create`
* Create personal access token (/auth/pats – [doc](/api-reference/auth/create-personal-access-token))
API permission: `Auth:Recover:Delegated`
* Create delegated recovery challenge (/auth/recover/user/delegated – [doc](/api-reference/auth/create-delegated-recovery-challenge))
API permission: `Auth:Register:Delegated`
* Create delegated registration challenge (/auth/registration/delegated – [doc](/api-reference/auth/create-delegated-registration-challenge))
API permission: `Auth:ServiceAccounts:Activate`
* Activate service account (/auth/service-accounts/\{serviceAccountId}/activate – [doc](/api-reference/auth/activate-service-account))
API permission: `Auth:ServiceAccounts:Create`
* Create service account (/auth/service-accounts – [doc](/api-reference/auth/create-service-account))
API permission: `Auth:ServiceAccounts:Deactivate`
* Deactivate service account (/auth/service-accounts/\{serviceAccountId}/deactivate – [doc](/api-reference/auth/deactivate-service-account))
API permission: `Auth:ServiceAccounts:Delete`
* Delete service account (/auth/service-accounts/\{serviceAccountId} – [doc](/api-reference/auth/delete-service-account))
API permission: `Auth:ServiceAccounts:Read`
* List service accounts (/auth/service-accounts – [doc](/api-reference/auth/list-service-accounts))
* Get service account (/auth/service-accounts/\{serviceAccountId} – [doc](/api-reference/auth/get-service-account))
API permission: `Auth:ServiceAccounts:Update`
* Update service account (/auth/service-accounts/\{serviceAccountId} – [doc](/api-reference/auth/update-service-account))
API permission: `Auth:Users:Activate`
* Activate user (/auth/users/\{userId}/activate – [doc](/api-reference/auth/activate-user))
API permission: `Auth:Users:Create`
* Create user (/auth/users – [doc](/api-reference/auth/create-user))
API permission: `Auth:Users:Deactivate`
* Deactivate user (/auth/users/\{userId}/deactivate – [doc](/api-reference/auth/deactivate-user))
API permission: `Auth:Users:Delete`
* Delete user (/auth/users/\{userId} – [doc](/api-reference/auth/delete-user))
API permission: `Auth:Users:Read`
* Get user (/auth/users/\{userId} – [doc](/api-reference/auth/get-user))
* List users (/auth/users – [doc](/api-reference/auth/list-users))
API permission: `Auth:Users:Update`
* Update user (/auth/users/\{userId} – [doc](/api-reference/auth/update-user))
### Billing
*Dashboard only — no public API endpoint.*
*Dashboard only — no public API endpoint.*
### Events
*Dashboard only — no public API endpoint.*
### Exchanges
API permission: `Exchanges:Create`
* Create exchange (/exchanges – [doc](/api-reference/exchanges/create-exchange))
API permission: `Exchanges:Delete`
* Delete exchange (/exchanges/\{exchangeId} – [doc](/api-reference/exchanges/delete-exchange))
API permission: `Exchanges:Deposits:Create`
* Create exchange deposit (/exchanges/\{exchangeId}/accounts/\{accountId}/deposits – [doc](/api-reference/exchanges/create-exchange-deposit))
API permission: `Exchanges:Read`
* Get exchange (/exchanges/\{exchangeId} – [doc](/api-reference/exchanges/get-exchange))
* List exchanges (/exchanges – [doc](/api-reference/exchanges/list-exchanges))
* List accounts (/exchanges/\{exchangeId}/accounts – [doc](/api-reference/exchanges/list-accounts))
* List account assets (/exchanges/\{exchangeId}/accounts/\{accountId}/assets – [doc](/api-reference/exchanges/list-account-assets))
* List asset withdrawal networks (/exchanges/\{exchangeId}/accounts/\{accountId}/assets/\{asset}/withdrawal-networks – [doc](/api-reference/exchanges/list-asset-withdrawal-networks))
API permission: `Exchanges:Withdrawals:Create`
* Create exchange withdrawal (/exchanges/\{exchangeId}/accounts/\{accountId}/withdrawals – [doc](/api-reference/exchanges/create-exchange-withdrawal))
### Fee Sponsors
API permission: `FeeSponsors:Create`
* Create fee sponsor (/fee-sponsors – [doc](/api-reference/fee-sponsors/create-fee-sponsor))
API permission: `FeeSponsors:Delete`
* Delete fee sponsor (/fee-sponsors/\{feeSponsorId} – [doc](/api-reference/fee-sponsors/delete-fee-sponsor))
API permission: `FeeSponsors:Read`
* List fee sponsors (/fee-sponsors – [doc](/api-reference/fee-sponsors/list-fee-sponsors))
* Get fee sponsor (/fee-sponsors/\{feeSponsorId} – [doc](/api-reference/fee-sponsors/get-fee-sponsor))
* List sponsored fees (/fee-sponsors/\{feeSponsorId}/fees – [doc](/api-reference/fee-sponsors/list-sponsored-fees))
API permission: `FeeSponsors:Update`
* Deactivate fee sponsor (/fee-sponsors/\{feeSponsorId}/deactivate – [doc](/api-reference/fee-sponsors/deactivate-fee-sponsor))
* Activate fee sponsor (/fee-sponsors/\{feeSponsorId}/activate – [doc](/api-reference/fee-sponsors/activate-fee-sponsor))
API permission: `FeeSponsors:Use`
* Sign and broadcast transaction (/wallets/\{walletId}/transactions – [doc](/api-reference/wallets/sign-and-broadcast-transaction)) Required if **`feeSponsorId`** is specified
* Transfer asset (/wallets/\{walletId}/transfers – [doc](/api-reference/wallets/transfer-asset)) Required if **`feeSponsorId`** is specified
### Key Stores
API permission: `KeyStores:Read`
* List key stores (/key-stores – [doc](/api-reference/signers/list-key-stores))
### Keys
API permission: `Keys:ChildKeys:Create`
* Create key (/keys – [doc](/api-reference/keys/create-key)) Required if **`deriveFrom`** is specified
API permission: `Keys:Create`
* Create key (/keys – [doc](/api-reference/keys/create-key))
* Create wallet (/wallets – [doc](/api-reference/wallets/create-wallet)) Required if wallet creation also creates a new [Key entity](https://docs.dfns.co/api-reference/keys). This is the default behavior
API permission: `Keys:Delegate`
* Create key (/keys – [doc](/api-reference/keys/create-key)) Required if **`delegateTo`** is specified
* Delegate key (/keys/\{keyId}/delegate – [doc](/api-reference/keys/delegate-key))
* Create wallet (/wallets – [doc](/api-reference/wallets/create-wallet)) Required if **`delegateTo`** is specified
API permission: `Keys:Delete`
* Delete key (/keys/\{keyId} – [doc](/api-reference/keys/delete-key))
API permission: `Keys:Derive`
* Derive key (/keys/\{keyId}/derive – [doc](/api-reference/keys/derive-key))
API permission: `Keys:Export`
* Export key (/keys/\{keyId}/export – [doc](/api-reference/keys/export-key))
API permission: `Keys:Import`
* Import key (/keys/import – [doc](/api-reference/keys/import-key))
* Import wallet (/wallets/import – [doc](/api-reference/wallets/import-wallet))
API permission: `Keys:Read`
* List keys (/keys – [doc](/api-reference/keys/list-keys))
* Get key (/keys/\{keyId} – [doc](/api-reference/keys/get-key))
API permission: `Keys:Reuse`
* Create wallet (/wallets – [doc](/api-reference/wallets/create-wallet)) Required if **`signingKey.id`** is specified. Wallet will reuse an existing key instead of creating a new one
API permission: `Keys:Signatures:Create`
* Generate signature (/keys/\{keyId}/signatures – [doc](/api-reference/keys/generate-signature))
API permission: `Keys:Signatures:Read`
* List signatures (/keys/\{keyId}/signatures – [doc](/api-reference/keys/list-signatures))
* Get signature (/keys/\{keyId}/signatures/\{signatureId} – [doc](/api-reference/keys/get-signature))
API permission: `Keys:Update`
* Update key (/keys/\{keyId} – [doc](/api-reference/keys/update-key))
### Networks
API permission: `Networks:CantonValidators:Create`
* Create canton validator (/networks/\{network}/validators – [doc](/api-reference/networks/create-canton-validator))
API permission: `Networks:CantonValidators:Delete`
* Delete canton validator (/networks/\{network}/validators/\{validatorId} – [doc](/api-reference/networks/delete-canton-validator))
API permission: `Networks:CantonValidators:Read`
* Get canton validator (/networks/\{network}/validators/\{validatorId} – [doc](/api-reference/networks/get-canton-validator))
* List canton validators (/networks/\{network}/validators – [doc](/api-reference/networks/list-canton-validators))
API permission: `Networks:CantonValidators:Update`
* Update canton validator (/networks/\{network}/validators/\{validatorId} – [doc](/api-reference/networks/update-canton-validator))
### Organization
*Dashboard only — no public API endpoint.*
*Dashboard only — no public API endpoint.*
*Dashboard only — no public API endpoint.*
*Dashboard only — no public API endpoint.*
### Payouts
API permission: `Payouts:Create`
* Create payout (/payouts – [doc](/api-reference/payouts/create-payout))
* Request payout quote (/payouts/quote – [doc](/api-reference/payouts/request-payout-quote))
API permission: `Payouts:Read`
* List payouts (/payouts – [doc](/api-reference/payouts/list-payouts))
* Get payout status (/payouts/\{payoutId} – [doc](/api-reference/payouts/get-payout-status))
API permission: `Payouts:Write`
* Create payout action (/payouts/\{payoutId}/action – [doc](/api-reference/payouts/create-payout-action))
### Permissions
API permission: `Permissions:Archive`
* Archive permission (/permissions/\{permissionId}/archive – [doc](/api-reference/permissions/archive-permission))
API permission: `Permissions:Assign`
* Assign permission (/permissions/\{permissionId}/assignments – [doc](/api-reference/permissions/assign-permission))
API permission: `Permissions:Assignments:Read`
* List permission assignments (/permissions/\{permissionId}/assignments – [doc](/api-reference/permissions/list-permission-assignments))
API permission: `Permissions:Create`
* Create permission (/permissions – [doc](/api-reference/permissions/create-permission))
API permission: `Permissions:Read`
* List permissions (/permissions – [doc](/api-reference/permissions/list-permissions))
* Get permission (/permissions/\{permissionId} – [doc](/api-reference/permissions/get-permission))
API permission: `Permissions:Revoke`
* Revoke permission (/permissions/\{permissionId}/assignments/\{assignmentId} – [doc](/api-reference/permissions/revoke-permission))
API permission: `Permissions:Update`
* Update permission (/permissions/\{permissionId} – [doc](/api-reference/permissions/update-permission))
### Policies
API permission: `Policies:Approvals:Approve`
* Create approval decision (/v2/policy-approvals/\{approvalId}/decisions – [doc](/api-reference/policies/create-approval-decision))
API permission: `Policies:Approvals:Read`
* Get approval (/v2/policy-approvals/\{approvalId} – [doc](/api-reference/policies/get-approval))
* List approvals (/v2/policy-approvals – [doc](/api-reference/policies/list-approvals))
API permission: `Policies:Archive`
* Delete policy (/v2/policies/\{policyId} – [doc](/api-reference/policies/delete-policy))
API permission: `Policies:Create`
* Create policy (/v2/policies – [doc](/api-reference/policies/create-policy))
API permission: `Policies:Read`
* Get policy (/v2/policies/\{policyId} – [doc](/api-reference/policies/get-policy))
* List policies (/v2/policies – [doc](/api-reference/policies/list-policies))
API permission: `Policies:Update`
* Update policy (/v2/policies/\{policyId} – [doc](/api-reference/policies/update-policy))
### Registry
*Dashboard only — no public API endpoint.*
*Dashboard only — no public API endpoint.*
*Dashboard only — no public API endpoint.*
*Dashboard only — no public API endpoint.*
*Dashboard only — no public API endpoint.*
*Dashboard only — no public API endpoint.*
*Dashboard only — no public API endpoint.*
### Signers
API permission: `Signers:ListSigners`
* List signers (/signers – [doc](/api-reference/signers/list-signers))
### Staking
API permission: `Stakes:Create`
* Create stake (/staking/stakes – [doc](/api-reference/staking/create-stake))
API permission: `Stakes:Read`
* List stakes (/staking/stakes – [doc](/api-reference/staking/list-stakes))
* List stake actions (/staking/stakes/\{stakeId}/actions – [doc](/api-reference/staking/list-stake-actions))
* Get stakes (/staking/stakes/\{stakeId} – [doc](/api-reference/staking/get-stakes))
* Get stake rewards (/staking/stakes/\{stakeId}/rewards – [doc](/api-reference/staking/get-stake-rewards))
API permission: `Stakes:Update`
* Create stake action (/staking/stakes/\{stakeId}/actions – [doc](/api-reference/staking/create-stake-action))
### Swaps
API permission: `Swaps:Create`
* Create swap (/swaps – [doc](/api-reference/swaps/create-swap))
API permission: `Swaps:Read`
* List swaps (/swaps – [doc](/api-reference/swaps/list-swaps))
* Get swap (/swaps/\{swapId} – [doc](/api-reference/swaps/get-swap))
### Wallets
API permission: `Wallets:Create`
* Activate wallet (/wallets/\{walletId}/activate – [doc](/api-reference/wallets/activate-wallet))
* Create wallet (/wallets – [doc](/api-reference/wallets/create-wallet))
* Import wallet (/wallets/import – [doc](/api-reference/wallets/import-wallet))
API permission: `Wallets:Offers:Read`
* Get offer (/wallets/\{walletId}/offers/\{offerId} – [doc](/api-reference/wallets/get-offer))
* List offers (/wallets/\{walletId}/offers – [doc](/api-reference/wallets/list-offers))
API permission: `Wallets:Offers:Settle`
* Accept offer (/wallets/\{walletId}/offers/\{offerId}/accept – [doc](/api-reference/wallets/accept-offer))
* Reject offer (/wallets/\{walletId}/offers/\{offerId}/reject – [doc](/api-reference/wallets/reject-offer))
API permission: `Wallets:Read`
* Proxy a request to the canton ledger api (/wallets/\{walletId}/canton/ledger-api – [doc](/api-reference/wallets/proxy-a-request-to-the-canton-ledger-api))
* List wallets (/wallets – [doc](/api-reference/wallets/list-wallets))
* Get wallet (/wallets/\{walletId} – [doc](/api-reference/wallets/get-wallet))
* Get wallet assets (/wallets/\{walletId}/assets – [doc](/api-reference/wallets/get-wallet-assets))
* Get wallet history (/wallets/\{walletId}/history – [doc](/api-reference/wallets/get-wallet-history))
* Get wallet nfts (/wallets/\{walletId}/nfts – [doc](/api-reference/wallets/get-wallet-nfts))
* List org wallet history (/wallets/all/history – [doc](/api-reference/wallets/list-org-wallet-history))
API permission: `Wallets:Tags:Add`
* Create wallet (/wallets – [doc](/api-reference/wallets/create-wallet)) Required if **`tags`** are specified
* Tag wallet (/wallets/\{walletId}/tags – [doc](/api-reference/wallets/tag-wallet))
API permission: `Wallets:Tags:Delete`
* Untag wallet (/wallets/\{walletId}/tags – [doc](/api-reference/wallets/untag-wallet))
API permission: `Wallets:Transactions:Abort`
* Abort transaction (/wallets/\{walletId}/transactions/\{transactionId}/abort – [doc](/api-reference/wallets/abort-transaction))
API permission: `Wallets:Transactions:Create`
* Sign and broadcast transaction (/wallets/\{walletId}/transactions – [doc](/api-reference/wallets/sign-and-broadcast-transaction))
* Cancel transaction (/wallets/\{walletId}/transactions/\{transactionId}/cancel – [doc](/api-reference/wallets/cancel-transaction))
* Cancel transfer (/wallets/\{walletId}/transfers/\{transferId}/cancel – [doc](/api-reference/wallets/cancel-transfer))
* Speed up transaction (/wallets/\{walletId}/transactions/\{transactionId}/speed-up – [doc](/api-reference/wallets/speed-up-transaction))
* Speed up transfer (/wallets/\{walletId}/transfers/\{transferId}/speed-up – [doc](/api-reference/wallets/speed-up-transfer))
API permission: `Wallets:Transactions:Read`
* List transactions (/wallets/\{walletId}/transactions – [doc](/api-reference/wallets/list-transactions))
* Cancel transaction (/wallets/\{walletId}/transactions/\{transactionId}/cancel – [doc](/api-reference/wallets/cancel-transaction))
* Speed up transaction (/wallets/\{walletId}/transactions/\{transactionId}/speed-up – [doc](/api-reference/wallets/speed-up-transaction))
* Get transaction (/wallets/\{walletId}/transactions/\{transactionId} – [doc](/api-reference/wallets/get-transaction))
API permission: `Wallets:Transfers:Abort`
* Abort transfer (/wallets/\{walletId}/transfers/\{transferId}/abort – [doc](/api-reference/wallets/abort-transfer))
API permission: `Wallets:Transfers:Create`
* Create exchange deposit (/exchanges/\{exchangeId}/accounts/\{accountId}/deposits – [doc](/api-reference/exchanges/create-exchange-deposit))
* Transfer asset (/wallets/\{walletId}/transfers – [doc](/api-reference/wallets/transfer-asset))
API permission: `Wallets:Transfers:Read`
* Cancel transfer (/wallets/\{walletId}/transfers/\{transferId}/cancel – [doc](/api-reference/wallets/cancel-transfer))
* Speed up transfer (/wallets/\{walletId}/transfers/\{transferId}/speed-up – [doc](/api-reference/wallets/speed-up-transfer))
* Get transfer (/wallets/\{walletId}/transfers/\{transferId} – [doc](/api-reference/wallets/get-transfer))
* List transfers (/wallets/\{walletId}/transfers – [doc](/api-reference/wallets/list-transfers))
API permission: `Wallets:Update`
* Update wallet (/wallets/\{walletId} – [doc](/api-reference/wallets/update-wallet))
### Webhooks
API permission: `Webhooks:Create`
* Create webhook (/webhooks – [doc](/api-reference/webhooks/create-webhook))
API permission: `Webhooks:Delete`
* Delete webhook (/webhooks/\{webhookId} – [doc](/api-reference/webhooks/delete-webhook))
API permission: `Webhooks:Events:Read`
* Get webhook event (/webhooks/\{webhookId}/events/\{webhookEventId} – [doc](/api-reference/webhooks/get-webhook-event))
* List webhook events (/webhooks/\{webhookId}/events – [doc](/api-reference/webhooks/list-webhook-events))
API permission: `Webhooks:Ping`
* Ping webhook (/webhooks/\{webhookId}/ping – [doc](/api-reference/webhooks/ping-webhook))
API permission: `Webhooks:Read`
* List webhooks (/webhooks – [doc](/api-reference/webhooks/list-webhooks))
* Get webhook (/webhooks/\{webhookId} – [doc](/api-reference/webhooks/get-webhook))
API permission: `Webhooks:Update`
* Update webhook (/webhooks/\{webhookId} – [doc](/api-reference/webhooks/update-webhook))