# Access Control

## List User & Invite account accesses

> Get the list of account accesses for which `specifier_type` is `User` or `Invite`. You must have account admin/owner permissions for this endpoint to work.
>
> If you specify `project_ids`, `inbox_ids` or `domain_ids`, the endpoint will return the account accesses for these resources.

```json
{"openapi":"3.1.0","info":{"title":"Account Management","version":"2.0.0"},"tags":[{"name":"Account Accesses"}],"servers":[{"description":"Mailtrap API","url":"https://mailtrap.io"}],"security":[{"HeaderAuth":[]},{"BearerAuth":[]}],"components":{"securitySchemes":{"HeaderAuth":{"type":"apiKey","description":"Pass the API token in the Api-Token","in":"header","name":"Api-Token"},"BearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT"}},"schemas":{"AccountAccess":{"title":"AccountAccess","description":"Assigns resource-specific permissions to a specifier.","type":"object","properties":{"id":{"type":"integer","description":"The unique identifier of the account access"},"specifier_type":{"type":"string","enum":["User","Invite","ApiToken"],"description":"The type of the specifier that has permissions to the resources"},"specifier":{"anyOf":[{"description":"Describes a specifier of type `User`","properties":{"id":{"type":"integer","description":"User unique identifier"},"email":{"type":"string","format":"email","description":"User email"},"name":{"type":"string","description":"User name"},"two_factor_authentication_enabled":{"type":"boolean","description":"Indicates whether two-factor authentication (2FA) is enabled for the user"}}},{"description":"Describes a specifier of type `Invite`","properties":{"id":{"type":"integer","description":"Invite unique identifier"},"email":{"type":"string","format":"email","description":"Email of the invited user"}}},{"description":"Describes a specifier of type `ApiToken`","properties":{"id":{"type":"integer","description":"Api token unique identifier"},"name":{"type":"string","description":"Api token name"},"author_name":{"type":"string","description":"Describes the origin of the token"},"token":{"type":"string","description":"The token value"},"expires_at":{"type":"string","format":"date-time","description":"Api token expiration time"}}}],"description":"Entity that has permissions to the 
resources","type":"object"},"resources":{"type":"array","description":"A list of resources to which the specifier has access","items":{"type":"object","properties":{"resource_id":{"type":"integer","description":"The unique identifier of resource to which the specifier has access"},"resource_type":{"type":"string","description":"The type of resource to which the specifier has access","enum":["account","billing","project","inbox","sending_domain","email_campaign_permission_scope"]},"access_level":{"type":"integer","enum":[1000,100,50,10,1],"description":"The higher the value, the more rights the specifier has:\n- 1000 is for owner\n- 100 is for admin\n- 50 is for viewer+\n- 10 is for viewer\n- 1 is for indeterminate"}}}},"permissions":{"type":"object","description":"Describes the specifier's permissions to resources","properties":{"can_read":{"type":"boolean"},"can_update":{"type":"boolean"},"can_destroy":{"type":"boolean"},"can_leave":{"type":"boolean"}}}}},"UnauthenticatedResponse":{"title":"UnauthenticatedResponse","type":"object","properties":{"error":{"type":"string","description":"Error message"}}},"PermissionsDeniedResponse":{"title":"PermissionsDeniedResponse","type":"object","properties":{"errors":{"type":"string","description":"Error message"}}}},"responses":{"UNAUTHENTICATED":{"description":"Returns unauthorized error message. Check your credentials.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/UnauthenticatedResponse"}}}},"PERMISSION_DENIED":{"description":"Returns forbidden error message. Check your permissions.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/PermissionsDeniedResponse"}}}}}},"paths":{"/api/accounts/{account_id}/account_accesses":{"get":{"operationId":"getAllUsersInAccount","summary":"List User & Invite account accesses","description":"Get list of account accesses for which `specifier_type` is `User` or `Invite`. 
You have to have\naccount admin/owner permissions for this endpoint to work.\n\nIf you specify `project_ids`, `inbox_ids` or `domain_ids`, the endpoint will return account\naccesses for these resources.","tags":["Account Accesses"],"parameters":[{"name":"project_ids","description":"The identifiers of the projects for which to include the results","in":"query","schema":{"type":"array","items":{"type":"string"}}},{"name":"inbox_ids","description":"The identifiers of the inboxes for which to include the results","in":"query","schema":{"type":"array","items":{"type":"string"}}},{"schema":{"type":"array","items":{"type":"string"}},"in":"query","name":"domain_ids","description":"The identifiers of the domains for which to include the results"}],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"type":"array","items":{"$ref":"#/components/schemas/AccountAccess"}}}}},"401":{"$ref":"#/components/responses/UNAUTHENTICATED"},"403":{"$ref":"#/components/responses/PERMISSION_DENIED"}}}}}}
```

## Remove account access

> If the specifier type is `User`, this endpoint removes the user's permissions.
>
> If the specifier type is `Invite` or `ApiToken`, it removes the specifier itself along with its permissions.
>
> You have to be an account admin/owner for this endpoint to work.

```json
{"openapi":"3.1.0","info":{"title":"Account Management","version":"2.0.0"},"tags":[{"name":"Account Accesses"}],"servers":[{"description":"Mailtrap API","url":"https://mailtrap.io"}],"security":[{"HeaderAuth":[]},{"BearerAuth":[]}],"components":{"securitySchemes":{"HeaderAuth":{"type":"apiKey","description":"Pass the API token in the Api-Token","in":"header","name":"Api-Token"},"BearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT"}},"responses":{"UNAUTHENTICATED":{"description":"Returns unauthorized error message. Check your credentials.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/UnauthenticatedResponse"}}}},"PERMISSION_DENIED":{"description":"Returns forbidden error message. Check your permissions.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/PermissionsDeniedResponse"}}}},"NOT_FOUND":{"description":"Returns not found error message","content":{"application/json":{"schema":{"$ref":"#/components/schemas/NotFoundResponse"}}}}},"schemas":{"UnauthenticatedResponse":{"title":"UnauthenticatedResponse","type":"object","properties":{"error":{"type":"string","description":"Error message"}}},"PermissionsDeniedResponse":{"title":"PermissionsDeniedResponse","type":"object","properties":{"errors":{"type":"string","description":"Error message"}}},"NotFoundResponse":{"title":"NotFoundResponse","type":"object","properties":{"error":{"type":"string","description":"Error message"}}}}},"paths":{"/api/accounts/{account_id}/account_accesses/{account_access_id}":{"delete":{"operationId":"deleteAccountAccessById","summary":"Remove account access","description":"If specifier type is User, it removes user permissions.\n\nIf specifier type is Invite or ApiToken, it removes specifier along with permissions.\n\nYou have to be an account admin/owner for this endpoint to work.","tags":["Account Accesses"],"responses":{"200":{"description":"Returns confirmation of successful deletion and id of the deleted 
access.","content":{"application/json":{"schema":{"type":"object","properties":{"id":{"type":"integer"}}}}}},"401":{"$ref":"#/components/responses/UNAUTHENTICATED"},"403":{"$ref":"#/components/responses/PERMISSION_DENIED"},"404":{"$ref":"#/components/responses/NOT_FOUND"}}}}}}
```

