POST /v1/rbac/assignments
Service: identity · operationId: (none)
Assign a role to a subject for a brand
Required scopes
(no scope declared — review service config)
Request body
{
"type": "object",
"properties": {
"subject_type": {
"type": "string",
"enum": [
"user",
"service"
],
"description": "Subject type"
},
"subject_id": {
"type": "string",
"minLength": 1,
"description": "Subject ID"
},
"brand_id": {
"type": "string",
"minLength": 1,
"description": "Brand scope"
},
"role": {
"type": "string",
"enum": [
"admin",
"staff",
"customer_service",
"customer"
],
"description": "Role to assign"
},
"expires_at": {
"type": "string",
"format": "date-time",
"description": "Optional expiry"
}
},
"required": [
"subject_type",
"subject_id",
"brand_id",
"role"
]
}Responses
201 Role assigned
{
"type": "object",
"properties": {
"id": {
"type": "string"
},
"subject_type": {
"type": "string",
"enum": [
"user",
"service"
]
},
"subject_id": {
"type": "string"
},
"brand_id": {
"type": "string"
},
"role": {
"type": "string"
},
"granted_at": {
"type": "string"
},
"granted_by": {
"type": "string"
},
"expires_at": {
"type": [
"string",
"null"
]
}
},
"required": [
"id",
"subject_type",
"subject_id",
"brand_id",
"role",
"granted_at",
"granted_by",
"expires_at"
]
}400 Validation error
{
"type": "object",
"properties": {
"error": {
"type": "string"
},
"message": {
"type": "string"
}
},
"required": [
"error",
"message"
]
}Example
curl -X POST https://identity.platform.loop.health/v1/rbac/assignments \
-H "Authorization: Bearer $ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{ ... }'Related
services/identity— service overview- All endpoints — directory across services
- Auth model — how scopes are enforced