Arke
Reference

Permission Actions

Complete list of permission actions used across the Arke API.

Action Format

Actions follow the resource:verb pattern. Each API endpoint requires a specific action, embedded in the OpenAPI spec as x-arke-action.

Actions by Resource

Entity Actions

ActionDescriptionUsed By
entity:createCreate new entitiesPOST /entities
entity:viewRead entity contentGET /entities/:id
entity:tipGet entity tip CIDGET /entities/:id/tip
entity:updateModify existing entityPUT /entities/:id
entity:deleteSoft-delete entityDELETE /entities/:id
entity:restoreRestore deleted entityPOST /entities/:id/restore

File Actions

ActionDescriptionUsed By
file:createCreate file metadataPOST /files
file:viewView file metadataGET /files/:id
file:uploadUpload file contentPOST /files/:id/upload
file:downloadDownload file contentGET /files/:id/download
file:updateUpdate file metadataPUT /files/:id
file:reuploadReplace file contentPOST /files/:id/reupload

User Actions

ActionDescriptionUsed By
user:createCreate new userPOST /auth/register
user:viewView user profileGET /users/:id
user:updateUpdate user profilePUT /users/:id
user:credentialsManage API keysGET/POST/DELETE /users/:id/api-keys

Collection Actions

ActionDescriptionUsed By
collection:createCreate collectionPOST /collections
collection:viewView collectionGET /collections/:id
collection:updateUpdate collection propertiesPUT /collections/:id
collection:manageManage roles and membershipPOST /collections/:id/roles, members

Folder Actions

ActionDescriptionUsed By
folder:createCreate folderPOST /folders
folder:viewView folderGET /folders/:id
folder:updateUpdate folder, add/remove itemsPUT /folders/:id

Agent Actions

ActionDescriptionUsed By
agent:createCreate agentPOST /agents
agent:viewView agent detailsGET /agents/:id
agent:updateUpdate agent configurationPUT /agents/:id
agent:invokeTrigger agent processingPOST /agents/:id/invoke
agent:manageManage agent keysPOST/DELETE /agents/:id/keys

Search Actions

ActionDescriptionUsed By
search:queryExecute search queriesPOST /search/query
search:similarFind similar entitiesPOST /search/similar
search:executeExecute user searchesPOST /users/:id/search

Query Actions

ActionDescriptionUsed By
query:executeExecute Argo queryPOST /query

Graph Actions

ActionDescriptionUsed By
graph:queryQuery entity graphGET/POST /graph

Chat Actions

ActionDescriptionUsed By
chat:sendSend chat messagePOST /chat
chat:viewView chat historyGET /chat
chat:deleteDelete chat messageDELETE /chat/:id

Attestation Actions

ActionDescriptionUsed By
attestation:viewView attestation recordsGET /attestations/:id
attestation:verifyVerify attestationPOST /attestations/verify

Other Actions

ActionDescriptionUsed By
permissions:readRead permission metadataGET /permissions
events:listList API eventsGET /events

Wildcard Patterns

There are two types of wildcard patterns:

Verb Wildcards (*:verb)

Matches any resource type with the specified verb:

PatternMatches
*:viewentity:view, file:view, user:view, etc.
*:updateentity:update, file:update, user:update, etc.
*:createentity:create, file:create, etc.

Security restriction: Verb wildcards do NOT match collection operations (except *:view which matches collection:view). This prevents editors with *:update from modifying collection settings.

Type Wildcards (type:*)

Matches any verb for the specified type:

PatternMatches
file:*file:view, file:download, file:update, file:reupload
entity:*entity:view, entity:update, entity:create, etc.

Security restriction: collection:* is not allowed. Use explicit collection actions instead.

Verb Implications

Certain verbs automatically grant additional permissions:

VerbImplies
viewdownload
updatereupload, upload, delete
manageview, download, create, update, reupload, upload, delete

Examples:

  • file:view automatically grants file:download
  • *:view automatically grants *:download (any type)
  • file:update automatically grants file:reupload, file:upload, file:delete

Type Implications

The entity type is the base type that implies all specific entity types:

Base ActionImplies
entity:viewfile:view, user:view, folder:view, agent:view, etc.
entity:updatefile:update, user:update, folder:update, etc.
entity:createfile:create, user:create, etc.

Security restriction: entity:* only implies collection:view. Other collection operations (collection:update, collection:create, collection:delete, collection:manage) require explicit permission.

Default Role Definitions

Collections are created with these default roles:

RoleActions
owner*:view, *:update, *:create, collection:update, collection:manage
editor*:view, *:update, *:create
viewer*:view
public*:view

Note: The public role is required for collections (platform rule). Users with subscriptions can create private collections without this role.

Error Codes

HTTP error codes and error types returned by the Arke API.

Entity References

The EntityRef system for typed references between entities in properties and relationship metadata.

On this page

Action FormatActions by ResourceEntity ActionsFile ActionsUser ActionsCollection ActionsFolder ActionsAgent ActionsSearch ActionsQuery ActionsGraph ActionsChat ActionsAttestation ActionsOther ActionsWildcard PatternsVerb Wildcards (*:verb)Type Wildcards (type:*)Verb ImplicationsType ImplicationsDefault Role Definitions