# Permissions ## Manage user or token permissions > Manage user or token permissions. For this endpoint, you should send an array of objects (in JSON format) as the body of the request.\ > If you send a combination of \*\*resource\_type\*\* and \*\*resource\_id\*\* that already exists, the permission is \*\*updated\*\*.\ > If the combination doesn't exist, the permission is \*\*created\*\*. ```json {"openapi":"3.1.0","info":{"title":"Account Management","version":"2.0.0"},"tags":[{"name":"Permissions"}],"servers":[{"description":"Mailtrap API","url":"https://mailtrap.io"}],"security":[{"HeaderAuth":[]},{"BearerAuth":[]}],"components":{"securitySchemes":{"HeaderAuth":{"type":"apiKey","description":"Pass the API token in the Api-Token","in":"header","name":"Api-Token"},"BearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT"}},"responses":{"UNAUTHENTICATED":{"description":"Returns unauthorized error message. Check your credentials.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/UnauthenticatedResponse"}}}},"PERMISSION_DENIED":{"description":"Returns forbidden error message. Check your permissions.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/PermissionsDeniedResponse"}}}},"NOT_FOUND":{"description":"Returns not found error message","content":{"application/json":{"schema":{"$ref":"#/components/schemas/NotFoundResponse"}}}}},"schemas":{"UnauthenticatedResponse":{"title":"UnauthenticatedResponse","type":"object","properties":{"error":{"type":"string","description":"Error message"}}},"PermissionsDeniedResponse":{"title":"PermissionsDeniedResponse","type":"object","properties":{"errors":{"type":"string","description":"Error message"}}},"NotFoundResponse":{"title":"NotFoundResponse","type":"object","properties":{"error":{"type":"string","description":"Error message"}}}}},"paths":{"/api/accounts/{account_id}/account_accesses/{account_access_id}/permissions/bulk":{"put":{"operationId":"updateUserPermissions","summary":"Manage user or token permissions","description":"Manage user or token permissions. For this endpoint, you should send an array of objects (in JSON format) as the body of the request.\nIf you send a combination of **resource_type** and **resource_id** that already exists, the permission is **updated**.\nIf the combination doesn't exist, the permission is **created**.","tags":["Permissions"],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"permissions":{"type":"array","items":{"type":"object","properties":{"resource_id":{"type":"string"},"resource_type":{"type":"string","enum":["account","billing","project","inbox","sending_domain","email_campaign_permission_scope"]},"access_level":{"type":"string","additionalProperties":{"type":["string","integer"]},"description":"Use a number or string. The higher the number, the more rights the specifier has:\n- 100 or \"admin\"\n- 10 or \"viewer\""},"_destroy":{"type":"boolean","description":"(Optional) If true, instead of creating/updating the permission, it destroys it."}}}}}}}}},"responses":{"200":{"description":"Returns message about successful update of permissions.","content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string"}}}}}},"401":{"$ref":"#/components/responses/UNAUTHENTICATED"},"403":{"$ref":"#/components/responses/PERMISSION_DENIED"},"404":{"$ref":"#/components/responses/NOT_FOUND"}}}}}} ``` ## Get resources > Get all resources in your account (Inboxes, Projects, Domains, Email Campaigns, Billing and Account itself) to which the token has admin access. ```json {"openapi":"3.1.0","info":{"title":"Account Management","version":"2.0.0"},"tags":[{"name":"Permissions"}],"servers":[{"description":"Mailtrap API","url":"https://mailtrap.io"}],"security":[{"HeaderAuth":[]},{"BearerAuth":[]}],"components":{"securitySchemes":{"HeaderAuth":{"type":"apiKey","description":"Pass the API token in the Api-Token","in":"header","name":"Api-Token"},"BearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT"}},"responses":{"UNAUTHENTICATED":{"description":"Returns unauthorized error message. Check your credentials.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/UnauthenticatedResponse"}}}},"PERMISSION_DENIED":{"description":"Returns forbidden error message. Check your permissions.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/PermissionsDeniedResponse"}}}}},"schemas":{"UnauthenticatedResponse":{"title":"UnauthenticatedResponse","type":"object","properties":{"error":{"type":"string","description":"Error message"}}},"PermissionsDeniedResponse":{"title":"PermissionsDeniedResponse","type":"object","properties":{"errors":{"type":"string","description":"Error message"}}}}},"paths":{"/api/accounts/{account_id}/permissions/resources":{"get":{"operationId":"getResources","summary":"Get resources","description":"Get all resources in your account (Inboxes, Projects, Domains, Email Campaigns, Billing and Account itself) to which the token has admin access.","tags":["Permissions"],"responses":{"200":{"description":"Returns the resources nested according to their hierarchy.\n\n- **access_level** in this response represents the access level of the token used to make the request.","content":{"application/json":{"schema":{"type":"array","items":{"type":"object","properties":{"id":{"type":"integer"},"name":{"type":"string"},"type":{"type":"string"},"access_level":{"type":"integer"},"resources":{"type":"array","items":{"type":"object","properties":{"id":{"type":"integer"},"name":{"type":"string"},"type":{"type":"string"},"access_level":{"type":"integer"},"resources":{"type":"array","items":{"nullable":true,"type":"object"}}}}}}}}}}},"401":{"$ref":"#/components/responses/UNAUTHENTICATED"},"403":{"$ref":"#/components/responses/PERMISSION_DENIED"}}}}}} ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.mailtrap.io/developers/account-management/permissions.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.