# Permissions (GET /permission)

Returns the permissions granted to the API key.

### Request

**Path:** `/product/{productId}`

* **Method:** `GET`
* **URL:** `https://api.qrcake.com/v1/product/permission`
* **Headers:**
  * `Authorization: Bearer <API Key>`
  * `Accept: application/json`

### Response

#### 200 OK

Returns the user/account permissions.

<details>

<summary>Example 200 response (template)</summary>

```json
{
    "success": true,
    "result": {
        "analytics": true,
        "productLimit": 100, // maximum number of QR Codes account is allowed
        "tier": "subscriber",
        "productTotal": 3,
        "productActiveLimit": 100, // maximum number of active QR Codes account is allowed
        "productActiveTotal": 3, // current number of active QR Codes account has
    }
}
```

</details>

#### 401 Unauthorized

```json
{
  "message": {}
}
```

{% hint style="info" %}
Check Swagger for the authoritative permission model and response shape.
{% endhint %}