# API permissions

API keys define how your applications interact with the RUFUS Cloud API. Each key can be assigned a specific **access type**, allowing you to control exactly what actions an integration can perform.

This ensures better security, clearer separation of responsibilities, and safer integrations across devices, apps, and services.

**Access Types**

| Access type       | Permissions                                                                                                                                              |
| ----------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **READ**          | Can call all **GET** endpoints. Allows reading data such as devices, sessions, passings, events, and participants.                                       |
| **WRITE**         | Can call **POST** and **PATCH** endpoints. Allows sending data (sessions, passings, device status/telemetry) and creating participants.                  |
| **READ\_WRITE**   | Full access to all **GET**, **POST**, and **PATCH** endpoints.                                                                                           |
| **Unbind device** | Optional property available for **WRITE** and **READ\_WRITE** keys. Enables access to **DELETE** operations, such as unbinding a device from an account. |

**Notes on Permissions**

* **Telemetry reporting** (device status updates) requires **WRITE** or higher access.
* **Participant creation** is restricted to keys with **WRITE** permissions and is subject to plan limits and ownership validation.
* **Participant updates and corrections** are intentionally **not available via the Public API** and must be managed through RUFUS Race Manager (RRM).
* **DELETE operations** are limited and protected, and must be explicitly enabled via the *Unbind device* property.

**Typical Use Cases**

| API key alias          | Access type          | Application                                                                                          |
| ---------------------- | -------------------- | ---------------------------------------------------------------------------------------------------- |
| **Devices**            | WRITE                | Used in RFID devices or edge systems to send sessions, passings, and telemetry data.                 |
| **Timing app**         | READ\_WRITE          | Used in timing software or mobile apps that both send and consume timing data.                       |
| **Classification app** | READ                 | Used in results or classification systems that only need to read events, participants, and passings. |
| **Admin**              | READ\_WRITE + Unbind | Used in internal dashboards or admin tools with full control, including device management.           |
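The access-type table can be turned into a least-privilege audit of your own keys. The following is an added example, not code from RUFUS: it does not call the RUFUS Cloud API, and the key inventory, the `Old kiosk` alias, and the request log are constructed sample data.

```python
# Method sets per access type, copied from the Access Types table above.
ACCESS_METHODS = {"READ": {"GET"}, "WRITE": {"POST", "PATCH"},
                  "READ_WRITE": {"GET", "POST", "PATCH"}}

def allowed_methods(access_type, unbind=False):
    """HTTP methods a key may call; the Unbind device property adds DELETE."""
    if unbind and access_type == "READ":
        raise ValueError("Unbind device applies only to WRITE and READ_WRITE")
    return ACCESS_METHODS[access_type] | ({"DELETE"} if unbind else set())

# Every valid grant, ordered from fewest permitted methods to most.
GRANTS = sorted([("READ", False), ("WRITE", False), ("WRITE", True),
                 ("READ_WRITE", False), ("READ_WRITE", True)],
                key=lambda g: len(allowed_methods(*g)))

def minimal_grant(used):
    """Narrowest (access_type, unbind) covering the methods, or None."""
    for grant in GRANTS:
        if set(used) <= allowed_methods(*grant):
            return grant

def audit(keys, log):
    """Compare each key's grant with the methods it was observed using."""
    findings = {}
    for alias, grant in keys.items():
        allowed = allowed_methods(*grant)
        used = {method for a, method in log if a == alias}
        if not used:
            findings[alias] = "unused: consider revoking"
        elif not used <= allowed:
            findings[alias] = "attempted outside grant: " + ",".join(sorted(used - allowed))
        elif minimal_grant(used) != grant:
            access_type, unbind = minimal_grant(used)
            findings[alias] = f"over-privileged: {access_type}{' + Unbind' if unbind else ''} is enough"
        else:
            findings[alias] = "ok"
    return findings

# Constructed key inventory and request log of (alias, method); not real data.
KEYS = {"Devices": ("READ_WRITE", True), "Timing app": ("READ_WRITE", False),
        "Classification app": ("READ", False), "Old kiosk": ("WRITE", False)}
LOG = [("Devices", "POST"), ("Devices", "PATCH"),
       ("Timing app", "GET"), ("Timing app", "POST"),
       ("Classification app", "GET"), ("Classification app", "POST")]

if __name__ == "__main__":
    for alias, finding in audit(KEYS, LOG).items():
        print(f"{alias}: {finding}")
```

In this sample, the `Devices` key holds READ\_WRITE + Unbind but only ever sends data, so it can be reissued as WRITE, which matches the use-case table above.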

***

This model allows you to design integrations that are **secure by default**, while still being flexible enough to cover everything from low-level device ingestion to full event management workflows.

