1. Overview
2. Authentication
3. Authorization

1 Overview

Each API endpoint accepts certain authentication and authorization types. Authentication types refer to the method by which a user was authenticated at login, whereas authorization types refer to a user's permission to use an API endpoint to perform a specific action (e.g., a user must have admin access on a space to change its name).

2 Authentication

| Name | Description |
| --- | --- |
| JwtAuthenticator | For internal Zang use only. |
| Oauth2Authenticator | Authenticates an access token issued by the Zang Identity OAuth2 process. |
| AnonymousAuthenticator | Authenticates users with no Zang account who have been invited to a space. |
| noneAuthenticator | No authentication performed. |

3 Authorization

| Name | Description |
| --- | --- |
| PERM_TOPIC_READ | User is a member or guest of the space (topic). |
| PERM_TOPIC_UPDATE | User is a member of the space (topic). |
| RoleAdmin | User has admin access on the space (topic). |
| TOPIC_ATTENDEE_LEAVE | Space member can kick guests only. Space admin cannot kick the only admin. No user can be kicked from a direct space. |
| isInviteCreatorByParams | The user that created and sent an invitation. |
| PERM_MESSAGE_DELETE | User who sent the message or the admin of the space the message is in. |
| OAuthAuthorizer | User has OAuth scope 'https://accounts.zang.io/auth/zangspaces'. |
| PERM_TOPIC_CREATE | The user has permission to create spaces (topics). Must be a user. |
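
The three TOPIC_ATTENDEE_LEAVE rules above can be read as an ordered, default-deny check. The following is an added example, not Zang's code: the Space class, the role labels and can_remove_attendee are hypothetical names, and it assumes an admin may remove any attendee other than the sole admin and that guests may remove no one. Voluntary leaving is not described on the page and is not modelled.

```python
from dataclasses import dataclass, field

# Role labels are assumptions for this sketch; the page names the concepts
# (admin, member, guest, direct space) but not how they are encoded.
ADMIN, MEMBER, GUEST = "admin", "member", "guest"


@dataclass
class Space:
    is_direct: bool                            # True for a direct space
    roles: dict = field(default_factory=dict)  # user id -> role


def can_remove_attendee(space, actor_id, target_id):
    """Return (allowed, reason) for actor removing target; default deny."""
    if space.is_direct:
        return False, "no user can be kicked from a direct space"
    actor = space.roles.get(actor_id)
    target = space.roles.get(target_id)
    if actor is None or target is None:
        return False, "actor and target must both be attendees"
    admins = sum(1 for role in space.roles.values() if role == ADMIN)
    if target == ADMIN and admins == 1:
        # Applies to every actor, including the sole admin acting on itself.
        return False, "the only admin cannot be kicked"
    if actor == ADMIN:
        # Assumption: admin access covers removing any remaining attendee.
        return True, "admin may remove attendees"
    if actor == MEMBER and target == GUEST:
        return True, "member may kick guests"
    # Members targeting non-guests, and guests targeting anyone, end here.
    return False, "insufficient role for this target"


# Constructed sample data, not taken from a real space.
team = Space(False, {"ana": ADMIN, "bo": MEMBER, "cy": MEMBER, "gus": GUEST})
dm = Space(True, {"ana": ADMIN, "bo": MEMBER})

if __name__ == "__main__":
    cases = [(team, "bo", "gus"), (team, "bo", "cy"),
             (team, "ana", "ana"), (dm, "ana", "bo")]
    for space, actor, target in cases:
        print(actor, "->", target, can_remove_attendee(space, actor, target))
```

Checking the direct-space and sole-admin rules before any role-based allow keeps a later permissive branch from overriding them.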