API permissions
Your API keys can have different access types.
API keys define how your applications interact with the RUFUS Cloud API. Each key can be assigned a specific access type, allowing you to control exactly what actions an integration can perform.
This ensures better security, clearer separation of responsibilities, and safer integrations across devices, apps, and services.
Access Types
READ
Can call all GET endpoints. Allows reading data such as devices, sessions, passings, events, and participants.
WRITE
Can call POST and PATCH endpoints. Allows sending data (sessions, passings, device status/telemetry) and creating participants.
READ_WRITE
Full access to all GET, POST, and PATCH endpoints.
Unbind device
Optional property available for WRITE and READ_WRITE keys. Enables access to DELETE operations, such as unbinding a device from an account.
Notes on Permissions
Telemetry reporting (device status updates) requires WRITE or higher access.
Participant creation is restricted to keys with WRITE permissions and is subject to plan limits and ownership validation.
Participant updates and corrections are intentionally not available via the Public API and must be managed through RUFUS Race Manager (RRM).
DELETE operations are limited and protected, and must be explicitly enabled via the Unbind device property.
Typical Use Cases
Devices
WRITE
Used in RFID devices or edge systems to send sessions, passings, and telemetry data.
Timing app
READ_WRITE
Used in timing software or mobile apps that both send and consume timing data.
Classification app
READ
Used in results or classification systems that only need to read events, participants, and passings.
Admin
READ_WRITE + Unbind
Used in internal dashboards or admin tools with full control, including device management.
This model allows you to design integrations that are secure by default, while still being flexible enough to cover everything from low-level device ingestion to full event management workflows.
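The following is an added example, not RUFUS code: it encodes the access types listed above and compares each key's grant with the HTTP methods it actually used, flagging keys that could be narrowed. The key names, the (key, method) log format and the function names are assumptions made for illustration; the script does not call the RUFUS Cloud API.

```python
# Added example: access types from this page, used to audit key grants.
READ_METHODS = {"GET"}
WRITE_METHODS = {"POST", "PATCH"}

def allowed_methods(access_type, unbind=False):
    """HTTP methods a key may call under the access types described above."""
    if access_type == "READ":
        if unbind:
            raise ValueError("Unbind device applies to WRITE and READ_WRITE only")
        return set(READ_METHODS)
    if access_type == "WRITE":
        methods = set(WRITE_METHODS)
    elif access_type == "READ_WRITE":
        methods = READ_METHODS | WRITE_METHODS
    else:
        raise ValueError(f"unknown access type: {access_type!r}")
    return methods | {"DELETE"} if unbind else methods

def minimal_grant(used_methods):
    """Smallest (access_type, unbind) covering the methods actually used."""
    used = {m.upper() for m in used_methods}
    unknown = used - READ_METHODS - WRITE_METHODS - {"DELETE"}
    if unknown:
        raise ValueError(f"methods outside the documented model: {sorted(unknown)}")
    unbind = "DELETE" in used
    needs_read = bool(used & READ_METHODS)
    # DELETE is only reachable through a write-capable key with Unbind device.
    needs_write = bool(used & WRITE_METHODS) or unbind
    if needs_read and needs_write:
        return ("READ_WRITE", unbind)
    return ("WRITE", unbind) if needs_write else ("READ", False)

def audit(keys, request_log):
    """Map over-privileged key names to (current_grant, suggested_grant)."""
    used = {}
    for key_name, method in request_log:
        used.setdefault(key_name, set()).add(method)
    findings = {}
    for name, grant in keys.items():
        suggested = minimal_grant(used[name]) if name in used else None  # None: never used
        if suggested is None or allowed_methods(*suggested) < allowed_methods(*grant):
            findings[name] = (grant, suggested)
    return findings

# Constructed inventory and request log (key names are hypothetical).
SAMPLE_KEYS = {"gate-reader": ("WRITE", False), "results-site": ("READ_WRITE", False),
               "admin-tool": ("READ_WRITE", True), "old-script": ("READ", False)}
SAMPLE_LOG = [("gate-reader", "POST"), ("gate-reader", "PATCH"), ("results-site", "GET"),
              ("admin-tool", "GET"), ("admin-tool", "POST")]
```

Calling audit(SAMPLE_KEYS, SAMPLE_LOG) reports results-site (reducible to READ), admin-tool (Unbind device not needed) and old-script (never used); gate-reader already holds the smallest grant that covers its traffic.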