Permissions
This page describes the available permissions in the Velolink API. Each permission is a combination of the reserved namespace (velolink) and the specific permission name. All permissions are avilable in the console to be associated with a role.
Permission Matrix
| Permission | Create | Read | Update | Delete | Description |
|---|---|---|---|---|---|
velolink.learning | X | ✓ | X | X | Access vehicle learning status |
velolink.settings.geojson.file | ✓ | ✓ | ✓ | ✓ | Manage GeoJSON file uploads and configurations |
velolink.settings.geojson.data | ✓ | ✓ | ✓ | ✓ | Manage GeoJSON data and properties |
velolink.gtfs | X | ✓ | X | X | Access GTFS transit data |
velolink.settings.gtfsconfig | ✓ | ✓ | ✓ | ✓ | Manage GTFS configuration settings |
velolink.settings.marker | ✓ | ✓ | ✓ | ✓ | Manage map marker key locations settings and configurations |
velolink.data | X | ✓ | X | X | Access historical vehicle, route, trip, and journey data |
Legend
- ✓ : Permission available
- X : Permission not available
Notes
- All permissions are prefixed with the reserved namespace
velolink - Data, GTFS, and Learning permissions only support read operations for security and data integrity
- Settings-related permissions (geojson, gtfsconfig, marker) support full CRUD operations
- Permissions are preconfigured and available to be associated with roles in the console.
Velolink API GraphQL READ Permissions
Below is a detailed mapping of the Velolink GraphQL API queries and their required READ permissions:
velolink.settings.geojson.file
getGeoJsonFile(namespace: String!, name: String!): String
velolink.settings.geojson.data
getGeoJson(namespace: String!, id: String!): GeoJson
listGeoJson(namespace: String!, page: Int!, per_page: Int!): [GeoJson]
velolink.settings.gtfsconfig
gtfsConfig(namespace: String!): Config
velolink.settings.marker
marker(namespace: String!, id: String!): Marker
markers(namespace: String!, page: Int!, per_page: Int!): [Marker]
velolink.gtfs
route(namespace: String!, id: String!): Route
routes(namespace: String!, page: Int!, per_page: Int!): [Route]
trip(namespace: String!, id: String!): Trip
trips(namespace: String!, routeId: String!): [Trip]
velolink.data
journeys(
namespace: String!
createdAfter: String
createdBefore: String
markerName: String
beginLat: Float
beginLong: Float
beginRadius: Int
endLat: Float
endLong: Float
endRadius: Int
type: String
page: Int
per_page: Int
): [Journey]
latest(namespace: String!, vehicleId: String): JSON
historical(
namespace: String!
routeId: String
tripId: String
createdAfter: String
createdBefore: String
lat: Float
long: Float
radius: Int
type: String
page: Int
per_page: Int
): [Data]
events(
namespace: String!
eventType: String
routeId: String
tripId: String
vehicleId: String
createdAfter: String
createdBefore: String
page: Int
per_page: Int
): [Event]
velolink.learning
learningStates(namespace: String!): [LearningState]
learningState(namespace: String!, deviceId: String!): LearningState
Notes
- All queries require a valid API token with the appropriate permission
- The
namespaceparameter is required for most queries to scope the data access
When requesting API tokens, make sure to select the appropriate permissions based on your application's needs. It's recommended to follow the principle of least privilege and only request permissions that are necessary for your specific use case.
Velolink API GraphQL CREATE Permissions
Below is a detailed mapping of the Velolink GraphQL API mutations for creating resources and their required CREATE permissions:
velolink.settings.geojson.file
uploadGeoJson(
namespace: String!,
name: String!,
description: String!,
file: File!
): GeoJson
velolink.settings.marker
createMarker(
namespace: String!,
name: String!,
description: String!,
lat: Float!,
long: Float!,
radius: Int!
): Marker
Velolink API GraphQL UPDATE Permissions
Below is a detailed mapping of the Velolink GraphQL API mutations for updating resources and their required UPDATE permissions:
velolink.settings.gtfsconfig
setGtfs(
namespace: String!,
gtfs: String!,
gtfsrt: String!,
agency: String!,
timezone: String!,
headers: JSON
): String
velolink.settings.marker
updateMarker(
id: String!,
namespace: String!,
name: String!,
description: String!,
lat: Float!,
long: Float!,
radius: Int!
): Marker
Velolink API GraphQL DELETE Permissions
Below is a detailed mapping of the Velolink GraphQL API mutations for deleting resources and their required DELETE permissions:
velolink.settings.geojson.data
deleteGeoJson(
namespace: String!,
id: String!,
name: String!
): GeoJson
velolink.settings.marker
deleteMarker(
namespace: String!,
id: String!
): Marker
Notes
- All mutations require a valid API token with the appropriate permission
- The
namespaceparameter is required for all operations to scope the data access - CREATE, UPDATE, and DELETE operations are only available for settings-related resources
- All mutations return the affected resource type or a confirmation string
- File uploads (for GeoJSON) require multipart form data handling
When requesting API tokens, make sure to select the appropriate permissions based on your application's needs. It's recommended to follow the principle of least privilege and only request permissions that are necessary for your specific use case.