Access List
POST /v1/config/access-list
Add a user to the current project's access list
Adds a tenant member to the access list for the current project. As soon as the list is non-empty, the project switches from open to restrictive — only listed users can trigger analyses from chat.
Adding a user who is already on the list is a no-op (the call still
returns 201).
Authentication
API key with config:write permission. Project-scoped or tenant-scoped
(with X-Project-Id).
Endpoint
POST /v1/config/access-listRequest body
| Field | Type | Required | Notes |
|---|---|---|---|
userId | UUID | ✓ | Tenant member to add |
{
"userId": "8b29f4a1-..."
}Response
201 Created
{
"success": true
}There's no body payload. Re-fetch via
GET /v1/config/access-list if you need the
updated list.
Error responses
| Status | error.code | When |
|---|---|---|
| 400 | VALIDATION_ERROR | userId is missing or not a valid UUID |
| 400 | MISSING_PROJECT | Tenant-scoped key without X-Project-Id |
| 401 | UNAUTHORIZED | Missing or invalid API key |
| 403 | FORBIDDEN | Key lacks config:write |
Example
curl -X POST https://api.sigsentry.com/v1/config/access-list \
-H "Authorization: Bearer ss_secret_..." \
-H "X-Project-Id: 6f1c89bb-3b50-4c4a-9c5f-..." \
-H "Content-Type: application/json" \
-d '{ "userId": "8b29f4a1-..." }'Idempotency
POST /v1/config/access-list honors the Idempotency-Key header —
see Idempotency. Re-issuing the same request also
naturally de-duplicates: adding a user who is already listed is a
no-op.
See also
- Access list guide
- Authentication — required permissions per endpoint
- Errors — error code reference