Compartir a través de


POST (/users/{requestorId}/permission/validate)

Gets a set of yes-or-no answers about whether the user is allowed to perform specified actions with a set of target users.

Remarks

The request body takes a list of users and a list of settings, and the result is an allowed/blocked result for each user/setting pair.

In cross-network multiplayer scenarios (where privacy communications checks must be performed between users that have an Xbox User ID (XUID) and off-network users that do not), please refer to PermissionCheckBatchRequest (JSON) for User types.

URI parameters

Parameter Type Description
requestorId string Required. Identifier of the user performing the action. The possible values are xuid({xuid}) and me. This must be a logged-in user. Example value: xuid(0987654321).

Authorization

Authorization claims used Claim Type Required? Example value
Xuid 64-bit signed integer yes 1234567890

Required Request Headers

Header Type Description
Authorization string Authentication credentials for HTTP authentication. Example values: XBL3.0 x=<userhash>;<token>
X-RequestedServiceVersion string Build name/number of the Xbox LIVE service to which this request should be directed. The request will only be routed to that service after verifying the validity of the header, the claims in the auth token, etc. Example value: 1.

Request body

Required members

See PermissionCheckBatchRequest (JSON).

{
    "users":
    [
        {"xuid":"12345"},
        {"xuid":"54321"}
    ],
    "permissions":
    [
        "ViewTargetGameHistory",
        "ViewTargetProfile"
    ]
}

HTTP status codes

The service returns one of the status codes in this section in response to a request made with this method on this resource. For a complete list of standard HTTP status codes used with Xbox Live Services, see Standard HTTP status codes.

Code Reason phrase Description
200 OK The session was successfully retrieved.
400 The request is invalid. Examples: incorrect setting IDs, incorrect URIs, etc.
404 The user specified in the URI does not exist. The specified resource could not be found.

Required Response Headers

Header Type Description
Content-Type string The MIME type of the body of the request. Example value: application/json
Content-Length string The number of bytes being sent in the response. Example value: 34
Cache-Control string Polite request from the server to specify caching behavior. Example: no-cache, no-store

Response body

See PermissionCheckBatchResponse (JSON).

Sample response

{
    "responses":
    [
        {
            "user": {"xuid":"12345"},
            "permissions":
            [
                {
                    "isAllowed":true
                },
                {
                    "isAllowed":true
                }
            ]
        },
        {
            "user": {"xuid":"54321"},
            "permissions":
            [
                {
                    "isAllowed":false,
                    "reasons":
                    [
                        {"reason":"NotAllowed"}
                    ]
                },
                {
                    "isAllowed":false,
                    "reasons":
                    [
                        {"reason":"PrivilegeRest", "restrictedSetting":"AllowProfileViewing"}
                    ]
                }
            ]
        }
    ]
}

See also

Parent

/users/{requestorId}/permission/validate

PermissionId Enumeration