> ## Documentation Index
> Fetch the complete documentation index at: https://documentation.qonversion.io/llms.txt
> Use this file to discover all available pages before exploring further.

# List customer permissions

> Returns a list of all active permissions for the specified customer.



## OpenAPI

````yaml /api-reference/rest-api-v4.yaml get /customers/{customer_id}/permissions
openapi: 3.0.3
info:
  title: Qonversion REST API v4
  version: '4.0'
  description: >-
    Qonversion REST API v4 follows REST standards. It has predictable
    resource-oriented URLs, accepts JSON-encoded request bodies, returns
    JSON-encoded responses, and uses standard HTTP response codes,
    authentication, and verbs.
servers:
  - url: https://api.qonversion.io/v4
    description: Production
security:
  - secretAuth: []
tags:
  - name: Users
    description: Retrieve Qonversion users
  - name: User Properties
    description: Manage user-level attributes
  - name: Identities
    description: Link Qonversion users to your own auth IDs
  - name: Entitlements
    description: Entitlement definitions and user grants
  - name: Purchases
    description: A user's purchase history
  - name: Products
    description: Products configured in the Qonversion dashboard
  - name: Customers
    description: Aggregated customer records, properties, permissions, and metrics
  - name: Segments
    description: Dynamic and system segments of users
  - name: Experiments
    description: Paywall and offering A/B experiments
  - name: Screens
    description: No-code paywall screens — CRUD, publish, analytics
  - name: Analytics
    description: Charts, cards, cohorts, LTV, and insights
  - name: Exports
    description: Asynchronous data exports
  - name: Events
    description: Event catalog
  - name: Scheduled Reports
    description: Recurring reports delivered to external destinations
  - name: Integrations
    description: Third-party integrations configuration
  - name: Automations
    description: Event-driven automations
  - name: Project Settings
    description: Project-level configuration, secret, and store credentials
paths:
  /customers/{customer_id}/permissions:
    get:
      tags:
        - Customers
      summary: List customer permissions
      description: Returns a list of all active permissions for the specified customer.
      operationId: v4ListCustomerPermissions
      parameters:
        - name: customer_id
          in: path
          required: true
          schema:
            type: string
          description: Customer identifier.
          example: customer_abc123
      responses:
        '200':
          description: A list of permissions.
          headers:
            Cache-Control:
              schema:
                type: string
                example: no-cache
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/V4PermissionList'
        '400':
          description: Invalid request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/V4Error'
        '401':
          description: Unauthorized
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/V4Error'
        '404':
          description: Customer not found
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/V4Error'
        '429':
          description: Too many requests
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/V4Error'
        '500':
          description: Internal error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/V4Error'
        '502':
          description: Storage error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/V4Error'
        '504':
          description: Upstream timeout
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/V4Error'
      security:
        - secretAuth: []
components:
  schemas:
    V4PermissionList:
      type: object
      required:
        - object
        - url
        - data
        - has_more
      properties:
        object:
          type: string
          enum:
            - list
        url:
          type: string
          example: /v4/customers/customer_abc123/permissions
        data:
          type: array
          items:
            type: object
            description: >-
              Permission record. `started_at` and `expires_at` are Unix epoch
              seconds. `source` indicates how the permission was granted.
            properties:
              id:
                type: string
                description: Permission identifier (matches the entitlement ID).
                example: premium_access
              source:
                type: string
                description: How the permission was granted.
                x-extensible-enum:
                  - apple
                  - google
                  - by_hand
                  - unknown
                example: apple
              active:
                type: boolean
                example: true
              started_at:
                type: integer
                format: int64
                description: Unix epoch seconds when the permission started.
                example: 1729600000
              expires_at:
                type: integer
                format: int64
                description: Unix epoch seconds when the permission expires.
                example: 1761136000
              product_id:
                type: string
                nullable: true
                description: >-
                  Identifier of the product that issued the permission, when
                  applicable.
                example: monthly_premium
        has_more:
          type: boolean
        next_cursor:
          type: string
          description: Present only when has_more is true.
      example:
        object: list
        url: /v4/customers/customer_abc123/permissions
        data:
          - id: premium_access
            source: apple
            active: true
            started_at: 1729600000
            expires_at: 1761136000
            product_id: monthly_premium
        has_more: false
        next_cursor: null
    V4Error:
      type: object
      required:
        - error
      properties:
        error:
          type: object
          required:
            - type
            - code
            - message
          properties:
            type:
              type: string
              enum:
                - request
                - resource
                - logical
                - internal
            code:
              type: string
              description: |
                Machine-readable snake_case error code. Examples include
                `invalid_data`, `invalid_request`, `invalid_product_id`,
                `not_found`, `already_exists`, `offering_already_exists`,
                `product_not_in_project`, `cannot_set_main_directly`,
                `cannot_demote_main`, `cannot_patch_experiment_variant`,
                `cannot_delete_experiment_variant`, and
                `cannot_setmain_experiment_variant`. Resource-specific codes
                are documented on the corresponding reference page.
            message:
              type: string
              description: Human-readable description. May change; do not parse.
            details:
              type: array
              nullable: true
              description: Per-field validation errors, present on 400 validation failures.
              items:
                type: object
                properties:
                  field:
                    type: string
                  message:
                    type: string
  securitySchemes:
    secretAuth:
      type: http
      scheme: bearer
      bearerFormat: sk_…
      description: >-
        Bearer authentication using the project **Secret Key** (prefixed with
        `sk_`, or `test_sk_` for sandbox). All v4 public endpoints require the
        Secret Key — see [Authentication](/reference/v4/authentication). Never
        expose the Secret Key in client-side code.

````