UpdaterAgent uses role-based access control (RBAC) to authorize every API request. Each user is assigned a role; each role holds a set of granular permission keys. On login, the user’s permissions are embedded in the JWT as a flattened list of strings, so authorization checks are fast and require no additional database lookups. This page documents the endpoints for reading permissions, managing roles, and querying the audit log.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/ShohjahonSohibov/repo-for-agent/llms.txt
Use this file to discover all available pages before exploring further.
How permissions appear in the JWT
After a successful login, the JWT payload includes apermissions claim containing a JSON-serialized array of permission key strings:
permissions array does not contain that key, the API returns 403 Forbidden.
Permissions endpoints
GET /api/permissions
List all permissions in the system. Requires thePermissions.View permission.
Response
Numeric enum value identifying the permission.
The permission key string embedded in JWTs (e.g.,
"Loads.View").Human-readable description of what this permission grants.
cURL
GET /api/permissions/groups
Return all permissions organized by category. Useful for building role management UIs. Requires thePermissions.View permission.
Response
Category name (e.g.,
"Load Management").Array of permission objects belonging to this group.
cURL
Permission groups
The system contains 100+ individual permissions organized into the following categories. All permission keys follow theResource.Action naming convention.
Load Management
Load Management
| Permission key | Description |
|---|---|
Loads.View | View loads and their details |
Loads.Create | Create new loads |
Loads.Update | Update load details, assign drivers, change status |
Loads.Delete | Delete loads and their files |
Loads.Export | Export load data |
Driver Management
Driver Management
| Permission key | Description |
|---|---|
Drivers.View | View driver roster and details |
Drivers.Create | Add new drivers |
Drivers.Update | Edit driver details, manage sleep timers |
Drivers.Delete | Remove drivers |
System Administration
System Administration
| Permission key | Description |
|---|---|
Users.View | List and view user accounts |
Users.Create | Create new user accounts |
Users.Update | Edit users, activate, deactivate, reset passwords |
Users.Delete | Delete user accounts |
Roles.View | View roles and their permissions |
Roles.Create | Create new roles |
Roles.Update | Edit roles and assign permissions |
Roles.Delete | Delete roles |
Permissions.View | List all permissions |
AuditLogs.View | Read the system audit trail |
Truck & Trailer Management
Truck & Trailer Management
| Permission key | Description |
|---|---|
Trucks.View | View truck fleet |
Trucks.Create | Add trucks |
Trucks.Update | Edit truck details |
Trucks.Delete | Remove trucks |
Trailers.View | View trailer fleet |
Trailers.Create | Add trailers |
Trailers.Update | Edit trailer details |
Trailers.Delete | Remove trailers |
Additional permission groups
Additional permission groups
The system includes 100+ permissions across many other resource categories including Brokers, Tenants, Companies, Stops, Tickets, Settings, Reports, Notifications, Email, and Integrations. Use
GET /api/permissions/groups to retrieve the complete categorized list.Roles endpoints
GET /api/roles
List all roles defined within the current tenant. Requires theRoles.View permission.
Response
Role ID.
Role display name.
Array of permission key strings assigned to this role.
cURL
POST /api/roles
Create a new role for the current tenant. Requires theRoles.Create permission.
Request body
A unique display name for the role within the tenant.
cURL
POST /api/roles//permissions
Assign a set of permissions to a role, replacing any previously assigned permissions. Requires theRoles.Update permission.
Path parameters
The ID of the role to update.
Array of numeric permission IDs to assign to the role. Retrieve valid IDs from
GET /api/permissions.cURL
Built-in roles
UpdaterAgent ships with the following default roles. They can be used as-is or serve as a reference when creating custom roles.| Role | Access level |
|---|---|
| System Admin | All permissions across the entire system |
| Dispatcher | Load, driver, and truck management |
| Viewer | Read-only access to loads, drivers, and related data |
| Custom roles | Tenant-defined sets of any permissions from the full permission list |
Roles are scoped per tenant. A role created in one tenant is not visible or applicable in another.
Audit logs
GET /api/audit-logs
Retrieve the system audit trail showing who did what and when. Requires theAuditLogs.View permission. Supports standard pagination via page and pageSize query parameters.
Response
Unique audit log entry ID.
ID of the user who performed the action.
Description of the action performed.
The type of resource that was affected (e.g.,
"Load", "Driver").ID of the affected resource.
ISO 8601 timestamp when the action occurred.
cURL