GET /v1/rbac/roles
Service: identity · operationId: (none)
List active role assignments for a subject+brand
Required scopes
(no scope declared — review service config)
Query parameters
subject_id(string) required —brand_id(string) required —
Responses
200 Active role assignments
{
"type": "object",
"properties": {
"assignments": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"subject_type": {
"type": "string",
"enum": [
"user",
"service"
]
},
"subject_id": {
"type": "string"
},
"brand_id": {
"type": "string"
},
"role": {
"type": "string"
},
"granted_at": {
"type": "string"
},
"granted_by": {
"type": "string"
},
"expires_at": {
"type": [
"string",
"null"
]
}
},
"required": [
"id",
"subject_type",
"subject_id",
"brand_id",
"role",
"granted_at",
"granted_by",
"expires_at"
]
}
}
},
"required": [
"assignments"
]
}400 Validation error
{
"type": "object",
"properties": {
"error": {
"type": "string"
},
"message": {
"type": "string"
}
},
"required": [
"error",
"message"
]
}Example
curl -X GET https://identity.platform.loop.health/v1/rbac/roles \
-H "Authorization: Bearer $ACCESS_TOKEN"Related
services/identity— service overview- All endpoints — directory across services
- Auth model — how scopes are enforced