Kinde · Capability
Kinde Management API — Roles and Permissions
Kinde Management API — Roles and Permissions. Manages role-based access control: list/create/ update/delete roles, list/create/update/delete permissions, attach permissions to roles, and list users associated with a role. Forms the authorization backbone alongside the per-organization role assignments in the Organizations capability. Self-contained Naftiko capability covering one Kinde business surface.
Capability Spec
naftiko: 1.0.0-alpha2
info:
label: Kinde Management API — Roles and Permissions
description: 'Kinde Management API — Roles and Permissions. Manages role-based access control: list/create/
update/delete roles, list/create/update/delete permissions, attach permissions to roles, and list users
associated with a role. Forms the authorization backbone alongside the per-organization role assignments
in the Organizations capability. Self-contained Naftiko capability covering one Kinde business surface.'
tags:
- Kinde
- Roles
- Permissions
- RBAC
- Authorization
created: '2026-05-22'
modified: '2026-05-22'
binds:
- namespace: env
keys:
KINDE_SUBDOMAIN: KINDE_SUBDOMAIN
KINDE_ACCESS_TOKEN: KINDE_ACCESS_TOKEN
capability:
consumes:
- type: http
namespace: kinde-roles-permissions
baseUri: https://{KINDE_SUBDOMAIN}.kinde.com/api/v1
description: Kinde Management API — Roles and Permissions business capability. Self-contained, no shared references.
resources:
- name: roles
path: /roles
operations:
- name: getRoles
method: GET
description: List all roles in the business.
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: page_size
in: query
type: integer
- name: createRole
method: POST
description: Create a new role.
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: body
in: body
type: object
required: true
- name: role
path: /roles/{role_id}
operations:
- name: updateRole
method: PATCH
description: Update a role's name, key, or description.
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: role_id
in: path
type: string
required: true
- name: body
in: body
type: object
required: true
- name: deleteRole
method: DELETE
description: Delete a role.
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: role_id
in: path
type: string
required: true
- name: role-permissions
path: /roles/{role_id}/permissions
operations:
- name: getRolePermissions
method: GET
description: List permissions attached to a role.
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: role_id
in: path
type: string
required: true
- name: updateRolePermissions
method: PATCH
description: Add/remove permissions on a role.
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: role_id
in: path
type: string
required: true
- name: body
in: body
type: object
required: true
- name: permissions
path: /permissions
operations:
- name: getPermissions
method: GET
description: List all permissions in the business.
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: page_size
in: query
type: integer
- name: createPermission
method: POST
description: Create a new permission.
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: body
in: body
type: object
required: true