
Overview

The Permissions API provides endpoints to verify user roles and access levels within the Pump.fun platform. These endpoints help enforce role-based access control (RBAC) for administrative and privileged operations.

Admin Check

Check if the authenticated user has administrator privileges.

Authentication

Requires JWT authentication via the Authorization: Bearer <token> header.

Headers

  • Authorization (string, required): Bearer token for authentication. Example: Authorization: Bearer <your_jwt_token>
  • Accept (string, required): Response content type. Example: Accept: application/json
  • Origin (string, required): Request origin. Example: Origin: https://pump.fun

Response

200 (object): Admin status check result

Response Schema

  • isAdmin (boolean): true if the user has admin privileges, false otherwise

Example Usage

curl -X GET "https://frontend-api-v3.pump.fun/auth/is-admin" \
  -H "Authorization: Bearer <your_token>" \
  -H "Accept: application/json" \
  -H "Origin: https://pump.fun"

Super Admin Check

Check if the authenticated user has super administrator privileges. Super admins have elevated permissions beyond regular administrators.

Authentication

Requires JWT authentication via the Authorization: Bearer <token> header.

Headers

  • Authorization (string, required): Bearer token for authentication. Example: Authorization: Bearer <your_jwt_token>
  • Accept (string, required): Response content type. Example: Accept: application/json
  • Origin (string, required): Request origin. Example: Origin: https://pump.fun

Response

200 (object): Super admin status check result

Response Schema

  • isSuperAdmin (boolean): true if the user has super admin privileges, false otherwise

Example Usage

curl -X GET "https://frontend-api-v3.pump.fun/auth/is-super-admin" \
  -H "Authorization: Bearer <your_token>" \
  -H "Accept: application/json" \
  -H "Origin: https://pump.fun"

Super admin privileges should be restricted to a minimal number of trusted users. These accounts have full system access.

Jurisdiction Check

Verify if the authenticated user’s jurisdiction (geographic location) is valid for accessing the Pump.fun platform. This endpoint enforces geographic restrictions and compliance requirements.

Authentication

Requires JWT authentication via the Authorization: Bearer <token> header.

Headers

  • Authorization (string, required): Bearer token for authentication. Example: Authorization: Bearer <your_jwt_token>
  • Accept (string, required): Response content type. Example: Accept: application/json
  • Origin (string, required): Request origin. Example: Origin: https://pump.fun

Response

200 (object): Jurisdiction validity check result

Response Schema

  • isValidJurisdiction (boolean): true if the user’s jurisdiction is allowed, false if blocked or restricted
  • jurisdiction (string): The detected jurisdiction/country code
  • reason (string): Explanation if jurisdiction is invalid (only present when isValidJurisdiction is false)

Example Usage

curl -X GET "https://frontend-api-v3.pump.fun/auth/is-valid-jurisdiction" \
  -H "Authorization: Bearer <your_token>" \
  -H "Accept: application/json" \
  -H "Origin: https://pump.fun"

Use Cases

  • Enforce geographic access restrictions
  • Comply with regional regulations
  • Display location-specific content or features
  • Block access from sanctioned countries
  • Implement KYC/compliance workflows

Permission Hierarchy

The Pump.fun platform uses a hierarchical permission system:

  1. Regular User: Basic platform access
  2. Admin: Elevated privileges for moderation and management
  3. Super Admin: Full system access and configuration capabilities

Always check permissions before performing privileged operations. Unauthorized access attempts may result in account suspension.

Best Practices

Client-Side Checks

  • Use permission checks to show/hide UI elements
  • Check permissions on page load and route changes
  • Cache permission results for better performance
  • Revalidate permissions periodically

Server-Side Enforcement

  • Never rely solely on client-side permission checks
  • Always validate permissions on the backend
  • Log all permission check failures for security monitoring
  • Implement rate limiting on permission endpoints

Security Considerations

  • Permissions may change during a user session
  • Re-check permissions before critical operations
  • Handle permission denials gracefully
  • Provide clear error messages when access is denied
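
The caching, revalidation and re-check guidance above, as an added JavaScript example that is not Pump.fun's own code: a gate that treats anything other than HTTP 200 with a literal true as a denial, caches results briefly, and bypasses the cache before critical operations. The TTL value and the names PermissionCache, parseFlag and hasRole are assumptions.

```javascript
// Added example. API_BASE and the isAdmin / isSuperAdmin fields are from the page;
// TTL_MS, PermissionCache, parseFlag and hasRole are assumed names and values.
const API_BASE = "https://frontend-api-v3.pump.fun";
const TTL_MS = 30000; // assumed revalidation interval

// Fail closed: only HTTP 200 carrying a literal boolean true grants the role.
function parseFlag(status, body, field) {
  return status === 200 && body !== null && typeof body === "object" && body[field] === true;
}

// One cache per session token; call clear() on logout or token change.
class PermissionCache {
  constructor(ttlMs = TTL_MS) { this.ttlMs = ttlMs; this.entries = new Map(); }
  get(path, now) { // cached boolean, or undefined when missing or stale
    const e = this.entries.get(path);
    return e && now - e.at < this.ttlMs ? e.value : undefined;
  }
  set(path, value, now) { this.entries.set(path, { value, at: now }); }
  clear() { this.entries.clear(); }
}

// path/field pairs: "/auth/is-admin" + "isAdmin", "/auth/is-super-admin" + "isSuperAdmin".
// critical: true skips the cache so a role revoked mid-session is seen immediately.
async function hasRole(token, path, field, opts = {}) {
  const { cache, critical = false, fetchImpl = fetch, now = Date.now } = opts;
  if (cache && !critical) {
    const hit = cache.get(path, now());
    if (hit !== undefined) return hit;
  }
  try {
    // Browsers set Origin themselves; other clients add it as in the curl examples.
    const res = await fetchImpl(API_BASE + path, {
      headers: { Authorization: `Bearer ${token}`, Accept: "application/json" },
    });
    const granted = parseFlag(res.status, await res.json(), field);
    if (cache) cache.set(path, granted, now());
    return granted;
  } catch (err) {
    return false; // network or JSON error: deny, and do not cache the failure
  }
}
```

The returned value only decides what the UI shows; the backend that performs the privileged operation still validates the role itself.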
