
# Validate User Permission

> Use this endpoint to check if a user is allowed to perform a specific action on a resource. Typically used in M2M authentication with Midaz.



## OpenAPI

````yaml /en/openapi/v3-current/AM-auth.yaml post /v1/authorize
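openapi: 3.1.0
info:
  title: Auth Plugin
  description: ''
  version: 2.6.5
servers:
  - url: https://auth.sandbox.lerian.net
# No spec-wide default; each operation declares its own security requirement.
security: []
tags:
  - name: Authentication API
  - name: MFA API
  - name: User Information API
  - name: Authorization API
paths:
  /v1/authorize:
    post:
      tags:
        - Authorization API
      summary: Validate User Permission
      description: >-
        Use this endpoint to check if a user is allowed to perform a specific
        action on a resource. Typically used in M2M authentication with Midaz.
      parameters:
        # Kept so the documented 'Bearer <token>' format stays visible; the
        # BearerToken security scheme on this operation declares the same
        # requirement for tooling that reads `security` instead of parameters.
        - $ref: '#/components/parameters/Authorization'
      requestBody:
        # NOTE(review): the schema lists required properties but the body is not
        # marked `required: true`; confirm the server answers AUT-0001 when the
        # body is absent.
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/EnforcePermissionInput'
            example:
              action: post
              resource: ledger
              sub: admin
      responses:
        '200':
          # 200 means the check ran; the decision is in `authorized`, so a
          # denied check is still a 200 (see the "Unauthorized" example).
          description: >-
            The permission check completed. The `authorized` field reports
            whether the subject may perform the action; a denied check is still
            returned as 200.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EnforcePermissionResult'
              examples:
                '1':
                  summary: Authorized
                  value:
                    authorized: true
                    timestamp: '1744052319'
                '2':
                  summary: Unauthorized
                  value:
                    authorized: false
                    timestamp: '1744052855'
          headers: {}
        '400':
          description: >-
            The request body is missing required fields, contains unexpected
            fields, or is malformed.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorMessage'
              examples:
                Error0001:
                  $ref: '#/components/examples/Error0001'
                Error0003:
                  $ref: '#/components/examples/Error0003'
                Error0009:
                  $ref: '#/components/examples/Error0009'
          headers: {}
        '401':
          description: >-
            The token is missing from the Authorization header, or it is
            expired, invalid or malformed.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorMessage'
              examples:
                Error0006:
                  $ref: '#/components/examples/Error0006'
                Error0007:
                  $ref: '#/components/examples/Error0007'
          headers: {}
        '403':
          description: The permission enforcer is not configured properly.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorMessage'
              examples:
                Error0008:
                  $ref: '#/components/examples/Error0008'
          headers: {}
        '404':
          description: No subject was found for the provided `sub`.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorMessage'
              examples:
                Error1015:
                  $ref: '#/components/examples/Error1015'
          headers: {}
        '500':
          description: The server encountered an unexpected error.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorMessage'
              examples:
                Error0005:
                  $ref: '#/components/examples/Error0005'
          headers: {}
      # The Authorization header is required above, so the operation declares
      # the matching bearer scheme rather than an empty requirement.
      security:
        - BearerToken: []
components:
  securitySchemes:
    BearerToken:
      type: http
      scheme: bearer
      description: The token sent in the Authorization header as 'Bearer <token>'.
  parameters:
    Authorization:
      name: Authorization
      in: header
      description: The authorization token in the 'Bearer <token>' format.
      required: true
      schema:
        type: string
  schemas:
    EnforcePermissionInput:
      description: >-
        Information used to validate whether a user has permission to perform a
        specific action on a given resource.
      type: object
      required:
        - action
        - resource
      properties:
        action:
          type: string
          description: The operation being performed on the resource.
        resource:
          type: string
          description: >-
            The resource the action applies to, typically a service or domain
            within the system.
        sub:
          type: string
          # `sub` is caller-supplied, so the bearer of one token can ask about a
          # different subject (the M2M case). NOTE(review): confirm the server
          # restricts which callers may set it; unknown values return AUT-1015.
          description: >-
            Subject requesting access. Usually a `midaz_role` or a `user_id`. If
            not provided, it's extracted from the token.
    EnforcePermissionResult:
      description: >-
        Information given as the successful response for the Enforce User
        Permission endpoint.
      type: object
      properties:
        authorized:
          type: boolean
          description: >-
            If `true`, it indicates that the user is authorized to perform the
            action.
        timestamp:
          type: string
          format: date-time
          # NOTE(review): the 200 examples show epoch seconds ('1744052319'),
          # which is not an RFC 3339 date-time; confirm which form the server
          # emits and align either the format or the examples.
          description: The time when the permission was verified.
    ErrorMessage:
      description: The response message error.
      type: object
      properties:
        code:
          type: string
          description: A unique, stable identifier for the error.
        title:
          type: string
          description: A brief summary of the issue.
        message:
          type: string
          description: Detailed guidance for resolving the error.
  examples:
    Error0001:
      summary: Missing Fields in Request
      value:
        code: AUT-0001
        title: Missing Fields in Request
        message: >-
          Your request is missing one or more required fields. Please refer to
          the documentation to ensure all necessary fields are included in your
          request.
    Error0003:
      summary: Unexpected Fields in the Request
      value:
        code: AUT-0003
        title: Unexpected Fields in the Request
        message: >-
          The request body contains more fields than expected. Please send only
          the allowed fields as per the documentation. The unexpected fields are
          listed in the fields object.
    Error0009:
      summary: Bad Request
      value:
        code: AUT-0009
        title: Bad Request
        message: >-
          The server could not understand the request due to malformed syntax.
          Please check the listed fields and try again.
    Error0006:
      summary: Token Missing
      value:
        code: AUT-0006
        title: Token Missing
        message: >-
          A valid token must be provided in the request header. Please include a
          token and try again.
    Error0007:
      summary: Invalid Token
      value:
        code: AUT-0007
        title: Invalid Token
        message: >-
          The provided token is expired, invalid or malformed. Please provide a
          valid token and try again.
    Error0008:
      summary: Permission Enforcement Error
      value:
        code: AUT-0008
        title: Permission Enforcement Error
        message: >-
          The enforcer is not configured properly. Please contact your
          administrator if you believe this is an error.
    Error1015:
      summary: Enforcement Sub Not Found
      value:
        code: AUT-1015
        title: Enforcement Sub Not Found
        message: >-
          No subject was found for the provided 'sub'. Please refer to the
          enforcement documentation for guidance on the correct 'sub' value.
    Error0005:
      summary: Internal Server Error
      value:
        code: AUT-0005
        title: Internal Server Error
        message: >-
          The server encountered an unexpected error. Please try again later or
          contact support.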

````