Get the caller's capabilities on a document

const options = {method: 'GET', headers: {Authorization: 'Bearer <token>'}};

fetch('https://api.factify.com/v1/documents/{document_id}/capabilities', options)
  .then(res => res.json())
  .then(res => console.log(res))
  .catch(err => console.error(err));

{
  "attach_policy": true,
  "comment_private": true,
  "comment_public": true,
  "copy_content": true,
  "create_version": true,
  "export": true,
  "grant_access": true,
  "list_versions": true,
  "manage_access": true,
  "open": true,
  "screenshot": true,
  "trash": true,
  "view": true,
  "view_analytics": true,
  "view_leads": true,
  "view_timeline": true
}

Access Inspection

Get the caller's capabilities on a document

Returns the caller’s per-action permission booleans for a document without loading the full document payload. Use this as a lightweight replacement for the v1alpha inspectAccess endpoint when only the permission set is needed (e.g. rendering the share modal, gating toolbar actions).

Each field is true when the caller has that permission, false when denied, or absent when the evaluation was skipped (e.g. SpiceDB infra error). Absent means “unknown”, not “denied”.

GET

documents

{document_id}

capabilities

Get the caller's capabilities on a document

const options = {method: 'GET', headers: {Authorization: 'Bearer <token>'}};

fetch('https://api.factify.com/v1/documents/{document_id}/capabilities', options)
  .then(res => res.json())
  .then(res => console.log(res))
  .catch(err => console.error(err));

{
  "attach_policy": true,
  "comment_private": true,
  "comment_public": true,
  "copy_content": true,
  "create_version": true,
  "export": true,
  "grant_access": true,
  "list_versions": true,
  "manage_access": true,
  "open": true,
  "screenshot": true,
  "trash": true,
  "view": true,
  "view_analytics": true,
  "view_leads": true,
  "view_timeline": true
}

Authorizations

Authorization

string

header

required

Bearer authentication using a factapi-issued API key (ffy_<env>_<base32_uuid><base62_random>). Cookie-based sessions are accepted automatically by user-facing endpoints but are not surfaced as an OpenAPI auth scheme.

Path Parameters

document_id

string

required

Document ID

Example:

"doc_01h2xcejqtf2nbrexx3vqjhp41"

Response

Permissions the authenticated user has on a document. Each field is optional; absent means the capability is not known or not evaluated.

attach_policy

boolean

comment_private

boolean

comment_public

boolean

copy_content

boolean

create_version

boolean

export

boolean

grant_access

boolean

list_versions

boolean

manage_access

boolean

open

boolean

screenshot

boolean

trash

boolean

view

boolean

view_analytics

boolean

view_leads

boolean

view_timeline

boolean

Detach a policy from a document List access requests for a document

Documentation Index

Authorizations

Path Parameters

Response