Compartir a través de


GET (/users/{requestorId}/permission/validate)

Gets a yes-or-no answer about whether the user is allowed to perform the specified action with a target user.

URI parameters

Parameter Type Description
requestorId string Required. Identifier of the user performing the action. The possible values are xuid({xuid}) and me. This must be a logged-in user. Example value: xuid(0987654321).

Query string parameters

Parameter Type Description
setting string enumeration The PermissionId value to check against. Example value: "CommunicateUsingText".
target string Identifier of the user on whom the action is to be performed. The possible values are xuid({xuid}). Example values: xuid(0987654321)

Authorization

Authorization claims used Claim Type Required? Example value
Xuid 64-bit signed integer yes 1234567890

Required Request Headers

Header Type Description
Authorization string Authentication credentials for HTTP authentication. Example values: XBL3.0 x=<userhash>;<token>
X-RequestedServiceVersion string Build name/number of the Xbox LIVE service to which this request should be directed. The request will only be routed to that service after verifying the validity of the header, the claims in the auth token, etc. Example value: 1.

Request body

No objects are sent in the body of this request.

HTTP status codes

The service returns one of the status codes in this section in response to a request made with this method on this resource. For a complete list of standard HTTP status codes used with Xbox Live Services, see Standard HTTP status codes.

Code Reason phrase Description
200 OK The session was successfully retrieved.
400 The request is invalid. Examples: incorrect setting IDs, incorrect URIs, etc.
404 The user specified in the URI does not exist. The specified resource could not be found.

Required Response Headers

Header Type Description
Content-Type string The MIME type of the body of the request. Example value: application/json
Content-Length string The number of bytes being sent in the response. Example value: 34
Cache-Control string Polite request from the server to specify caching behavior. Example: no-cache, no-store

Response body

See PermissionCheckResponse (JSON).

Sample response

{
    "isAllowed": false,
    "reasons":
    [
        {"reason": "BlockedByRequestor"},
        {"reason": "MissingPrivilege", "restrictedSetting": "VideoCommunications"}
    ]
}

See also

Parent

/users/{requestorId}/permission/validate

PermissionId Enumeration