Authentication and Permissions

You can authenticate your requests using the API key provided by an administrator. Authenticate each request by sending the header x-api-key: your-secret-key (replace your-secret-key with the actual key provided).

Permissions

Several permission levels are available for users of your site. They include:

IsOwnerOrAdmin

Allows access to either:

  • The owner of the object

  • An admin user within the same church

IsSuperAdmin

Restricts access to super admin users only. This user has full read and edit permissions on the administrator panel.

IsAdmin

Restricts access to admin users only (role not “member”).

IsAdminOrReadOnly

  • Allows GET requests for all users

  • Restricts other methods to admin users only

IsOwnerOrReadOnly

Allows read access to any user, but write permissions only to the owner of an object.

IsParentOrReadOnly

Allows read access to any user, but write permissions only to parents listed in the object’s parents field.

IsOwner

Restricts access to only the owner of an object.

HasPermission

Advanced permission system for module-specific access control. Requires specifying the module and required permissions in the request.
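
The object-level checks above, modelled as plain Python predicates so the decision logic can be tested in isolation. This is an added example, not the API's own code; the field names (owner_id, church_id, role, parents holding user ids) and the role values "admin" and "super_admin" are assumptions. It shows in particular that an admin from a different church does not pass IsOwnerOrAdmin.

```python
from dataclasses import dataclass, field

READ_METHODS = {"GET"}  # the page names only GET as the read method

@dataclass
class User:
    id: int
    church_id: int
    role: str = "member"  # assumed values: "member", "admin", "super_admin"

@dataclass
class Obj:
    owner_id: int
    church_id: int
    parents: list = field(default_factory=list)  # assumed: ids of parent users

def is_admin(user):
    # IsAdmin: any role other than "member"
    return user.role != "member"

def is_super_admin(user):
    # IsSuperAdmin: assumed role value "super_admin"
    return user.role == "super_admin"

def is_owner(user, obj):
    # IsOwner: only the owner of the object
    return obj.owner_id == user.id

def is_owner_or_admin(user, obj):
    # IsOwnerOrAdmin: admin access is limited to the object's own church
    same_church = user.church_id == obj.church_id
    return is_owner(user, obj) or (is_admin(user) and same_church)

def is_admin_or_read_only(method, user):
    return method in READ_METHODS or is_admin(user)

def is_owner_or_read_only(method, user, obj):
    return method in READ_METHODS or is_owner(user, obj)

def is_parent_or_read_only(method, user, obj):
    return method in READ_METHODS or user.id in obj.parents

# Constructed sample users and object
owner = User(1, church_id=10)
local_admin = User(2, church_id=10, role="admin")
other_admin = User(3, church_id=20, role="admin")
parent = User(4, church_id=10)
record = Obj(owner_id=1, church_id=10, parents=[4])
```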
