Create Role

curl --request POST \
  --url https://api.example.com/v1beta1/roles \
  --header 'Content-Type: application/json' \
  --data '
{
  "body": {
    "name": "<string>",
    "title": "<string>",
    "permissions": [
      {}
    ],
    "scopes": [
      {}
    ],
    "metadata": {}
  }
}
'

{
  "role": {
    "id": "<string>",
    "name": "<string>",
    "title": "<string>",
    "permissions": [
      {}
    ],
    "scopes": [
      {}
    ],
    "state": "<string>",
    "org_id": "<string>",
    "metadata": {},
    "created_at": "<string>",
    "updated_at": "<string>"
  }
}

POST

v1beta1

roles

Create Role

curl --request POST \
  --url https://api.example.com/v1beta1/roles \
  --header 'Content-Type: application/json' \
  --data '
{
  "body": {
    "name": "<string>",
    "title": "<string>",
    "permissions": [
      {}
    ],
    "scopes": [
      {}
    ],
    "metadata": {}
  }
}
'

{
  "role": {
    "id": "<string>",
    "name": "<string>",
    "title": "<string>",
    "permissions": [
      {}
    ],
    "scopes": [
      {}
    ],
    "state": "<string>",
    "org_id": "<string>",
    "metadata": {},
    "created_at": "<string>",
    "updated_at": "<string>"
  }
}

Creates a platform-wide role that can be assigned to users across the entire Frontier instance. The role bundles multiple permissions together.

Body

body

object

required

Role definition

Show properties

name

string

required

Unique name for the role. Must contain only alphanumeric characters and underscores.Example: org_owner, project_admin

title

string

Human-readable title for the role. Can contain UTF-8 characters.Example: Organization Owner, Project Administrator

permissions

array

required

Array of permission names or keys to include in this role.Permissions can be specified as:

Permission slug: app_organization_update
Permission key: app.organization.update
Short name (if namespace matches): update

Example: ["app_organization_update", "app_organization_delete"]

scopes

array

Array of scope strings for filtering and categorizing roles.Example: ["organization", "project"]

metadata

object

Additional metadata for the role. Must conform to the role metadata schema if validation is enabled.

Response

role

object

The created role object

Show properties

string

Unique identifier for the role

name

string

Role name

title

string

Human-readable title

permissions

array

Array of permission slugs (normalized to full slugs)

scopes

array

Array of scope strings

state

string

Role state (default: enabled)

org_id

string

Organization ID (platform roles use special ID)

metadata

object

Role metadata

created_at

string

Creation timestamp

updated_at

string

Last update timestamp

curl -X POST 'https://frontier.example.com/v1beta1/roles' \
  -H 'Authorization: Bearer <token>' \
  -H 'Content-Type: application/json' \
  -d '{
    "body": {
      "name": "org_owner",
      "title": "Organization Owner",
      "permissions": [
        "app_organization_update",
        "app_organization_delete",
        "app_project_create"
      ],
      "scopes": ["organization"],
      "metadata": {
        "description": "Full access to organization resources"
      }
    }
  }'

Request Example

{
  "body": {
    "name": "org_owner",
    "title": "Organization Owner",
    "permissions": [
      "app_organization_update",
      "app_organization_delete",
      "app_project_create"
    ],
    "scopes": ["organization"],
    "metadata": {
      "description": "Full access to organization resources"
    }
  }
}

Response Example

{
  "role": {
    "id": "9f256f86-20ad-434e-b009-6d6dadec6aa9",
    "name": "org_owner",
    "title": "Organization Owner",
    "permissions": [
      "app_organization_update",
      "app_organization_delete",
      "app_project_create"
    ],
    "scopes": ["organization"],
    "state": "enabled",
    "org_id": "00000000-0000-0000-0000-000000000000",
    "metadata": {
      "description": "Full access to organization resources"
    },
    "created_at": "2023-06-07T05:39:56.961Z",
    "updated_at": "2023-06-07T05:39:56.961Z"
  }
}

Notes

All specified permissions are verified to exist before creating the role
Permission names are normalized to their full slug format (e.g., app_organization_update)
The role automatically creates relations between itself and each permission for both user and service user principals
An audit record is created documenting the role creation

List Roles

List Policies

⌘I

Build docs developers (and LLMs) love

Get started for free Talk to us

Getting Started

Users

Organizations

Projects

Groups

Permissions & Roles

Policies

Billing

Create Role

Body

Response

Request Example

Response Example

Notes

Build docs developers (and LLMs) love

Getting Started

Users

Organizations

Projects

Groups

Permissions & Roles

Policies

Billing

​Body

​Response

​Request Example

​Response Example

​Notes

Build docs developers (and LLMs) love

Body

Response

Request Example

Response Example

Notes