> ## Documentation Index
> Fetch the complete documentation index at: https://documentation.qonversion.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Grant an entitlement

> Manually grants an entitlement to a user. **Requires Secret Key authentication.**


<Warning>This endpoint requires a **Secret Key** (`sk_` prefix). Never expose it in client-side code.</Warning>


## OpenAPI

````yaml /api-reference/rest-api.yaml post /users/{user_id}/entitlements
openapi: 3.1.0
info:
  title: Qonversion REST API
  version: '3.1'
  description: >
    Qonversion REST API follows REST standards. It has predictable
    resource-oriented URLs,

    accepts JSON-encoded request bodies, returns JSON-encoded responses, and
    uses standard

    HTTP response codes, authentication, and verbs.


    ## Where to find your keys


    1. Sign in to the Qonversion dashboard at https://dash.qonversion.io/.

    2. Open your project and go to **Project Settings** in the sidebar.

    3. The **Project Keys** section exposes three values:
       - **Project Key** - bearer token for the v3 REST endpoints documented here.
         A 32-character URL-safe random string (`A-Z`, `a-z`, `0-9`, `_`, `-`) with no fixed prefix
         (e.g. `JFPATc4VaaWYsfurml3qZ4zsmNw0VfWH`).
       - **API Key** - used in the URL path of the analytics API
         (`https://api.qonversion.io/v1/analytics/{API_KEY}/...`); do NOT use it as a v3 bearer.
       - **Secret Key** - bearer for the entitlement grant/revoke endpoints. Always prefixed with `sk_`.

    ## Sandbox vs production


    Project Keys with the `test_` prefix (e.g.
    `test_PV77YHL7qnGvsdmpTs7gimsxUvY-Znl2`) target the

    **sandbox** environment. Production keys have no prefix. The same prefix
    scheme applies to Secret

    Keys. Sandbox users do not affect production analytics.


    ## Errors


    All endpoints share the error envelope shown in `Error`. The
    `meta.reference` URL is set

    automatically for the documented machine-readable codes (`invalid_data`,
    `invalid_request`,

    `invalid_entitlement_data`); other errors omit `meta`. There is no
    `meta.fields[]` array.
servers:
  - url: https://api.qonversion.io/v3
    description: Production
security:
  - ProjectKey: []
paths:
  /users/{user_id}/entitlements:
    post:
      tags:
        - Entitlements
      summary: Grant an entitlement
      description: >
        Manually grants an entitlement to a user. **Requires Secret Key
        authentication.**
      operationId: grantEntitlement
      parameters:
        - name: user_id
          in: path
          required: true
          schema:
            type: string
          description: Qonversion User ID
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - id
                - expires
              properties:
                id:
                  type: string
                  description: Entitlement ID
                expires:
                  type: integer
                  format: int64
                  description: >-
                    Unix timestamp (seconds) when entitlement expires. Must be
                    in the future.
            example:
              id: plus
              expires: 1704067200
      responses:
        '200':
          description: Entitlement granted
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Entitlement'
              example:
                id: plus
                active: true
                started: 1678894940
                expires: 1704067200
                source: manual
        '400':
          description: Invalid entitlement data
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
              example:
                error:
                  code: invalid_entitlement_data
                  message: >-
                    Invalid expires at value has been provided, should be in
                    unix timestamp format in seconds in future
                  type: request
      security:
        - SecretKey: []
components:
  schemas:
    Entitlement:
      type: object
      properties:
        id:
          type: string
          description: Entitlement identifier
          example: plus
        active:
          type: boolean
          description: Whether the user currently has the entitlement
          example: true
        started:
          type: integer
          description: Unix epoch seconds when entitlement was activated
          example: 1652438020
        expires:
          type: integer
          description: Unix epoch seconds when entitlement expires
          example: 1654215637
        source:
          type: string
          enum:
            - appstore
            - playstore
            - stripe
            - paddle
            - manual
            - unknown
          description: Purchase origin
          example: appstore
        product:
          $ref: '#/components/schemas/Product'
    Error:
      type: object
      required:
        - error
      properties:
        error:
          type: object
          required:
            - code
            - message
            - type
          properties:
            type:
              type: string
              enum:
                - request
                - resource
                - logical
                - internal
              description: Error category
            code:
              type: string
              description: Machine-readable error code
            message:
              type: string
              description: Human-readable error message
        meta:
          type: object
          description: >
            Optional metadata. Currently only contains a `reference` URL for a
            small subset

            of error codes (`invalid_data`, `invalid_request`,
            `invalid_entitlement_data`).
          properties:
            reference:
              type: string
              format: uri
              example: >-
                https://documentation.qonversion.io/reference/handling-api-errors
    Product:
      type: object
      properties:
        product_id:
          type: string
          description: Qonversion product identifier
          example: main
        subscription:
          $ref: '#/components/schemas/Subscription'
    Subscription:
      type: object
      properties:
        current_period_type:
          type: string
          enum:
            - normal
            - trial
            - intro
          description: Current subscription period type
          example: normal
        renew_state:
          type: string
          enum:
            - will_renew
            - canceled
            - billing_issue
          description: Subscription renewal state
          example: will_renew
  securitySchemes:
    ProjectKey:
      type: http
      scheme: bearer
      description: >
        Use your **Project Key** from the Qonversion dashboard

        (Project Settings -> Project Keys -> Project Key).


        Production keys have no prefix; keys prefixed with `test_` target the
        sandbox environment.


        Example (sandbox): `Bearer test_PV77YHL7qnGvsdmpTs7gimsxUvY-Znl2`

        Example (production): `Bearer JFPATc4VaaWYsfurml3qZ4zsmNw0VfWH`
    SecretKey:
      type: http
      scheme: bearer
      description: >
        Use your **Secret Key** (prefixed with `sk_`) from the Qonversion
        dashboard

        (Project Settings -> Project Keys -> Secret Key). Sandbox secret keys
        are prefixed

        with `test_sk_`.


        **Never expose the secret key in client-side code.**

````