Documentation Index
Fetch the complete documentation index at: https://cloud-docs.mentra.glass/llms.txt
Use this file to discover all available pages before exploring further.
Get App Permissions
Retrieve permissions for a specific app.
Endpoint
GET https://api.mentra.glass/api/permissions/:packageName
Authorization: Bearer <coreToken>
X-Org-Id: <organizationId> (optional)
Parameters
| Parameter | Type | Description |
|---|
packageName | string | The app’s package identifier (in URL) |
Response
Success (200):
{
"permissions": [
{
"type": "CAMERA",
"description": "Take photos to analyze visual content"
},
{
"type": "MICROPHONE",
"description": "Listen to conversations for transcription"
}
]
}
{
"error": "Unauthorized",
"message": "You do not have permission to view this app's permissions"
}
{
"error": "App not found"
}
{
"error": "Internal server error"
}
Implementation
- File:
packages/cloud/src/routes/permissions.routes.ts:24-76
- Middleware:
validateCoreToken
- Authorization: Checks app ownership or published status
Access Control
Users can view permissions if:
- App is published in the app store (
appStoreStatus === 'PUBLISHED')
- User’s organization owns the app (via
X-Org-Id header)
- User is the app developer (email matches
developerId)
- User is member of the app’s organization
Update App Permissions
Update permissions for an app you own.
Endpoint
PATCH https://api.mentra.glass/api/permissions/:packageName
Authorization: Bearer <coreToken>
X-Org-Id: <organizationId> (optional)
Content-Type: application/json
Parameters
| Parameter | Type | Description |
|---|
packageName | string | The app’s package identifier (in URL) |
Request Body
{
"permissions": [
{
"type": "CAMERA",
"description": "Take photos to analyze visual content"
},
{
"type": "MICROPHONE",
"description": "Listen to conversations for transcription"
},
{
"type": "DISPLAY",
"description": "Show information on glasses display"
}
]
}
Response
Success (200):
Returns the updated app object with new permissions.
Error (400):
{
"error": "Permissions must be an array" // or "Invalid permission type: INVALID_TYPE"
}
{
"error": "Unauthorized",
"message": "You do not have permission to modify this app"
}
{
"error": "App not found"
}
{
"error": "Internal server error"
}
Implementation
- File:
packages/cloud/src/routes/permissions.routes.ts:83-155
- Validation: Validates permission types against
PermissionType enum from SDK
- Authorization: Requires app ownership
Permission Types
Available permission types (from @mentra/sdk):
MICROPHONE - Access to device microphoneLOCATION - Access to device locationBACKGROUND_LOCATION - Access to location in backgroundCALENDAR - Access to device calendarCAMERA - Access to device cameraNOTIFICATIONS - Legacy notification permission (backward compatibility)READ_NOTIFICATIONS - Access to read notificationsPOST_NOTIFICATIONS - Access to post notificationsALL - All available permissions
Permission Object Structure
Each permission must include:
type: One of the valid PermissionType enum valuesdescription: String explaining why the app needs this permission (optional but recommended)
Error Codes
| Code | Description |
|---|
| 400 | Invalid permissions format or type |
| 401 | Unauthorized - invalid token |
| 403 | Forbidden - no permission to view/modify app |
| 404 | App not found |
| 500 | Internal server error |
Notes
- Each permission should include a description explaining its use to users
- Permissions are validated against the SDK’s
PermissionType enum
- Organization context can be provided via
X-Org-Id header
- Only app owners can modify permissions
- All users can view permissions for published apps
- The endpoint uses MongoDB’s
findOneAndUpdate to ensure atomic updates
- Console logs are present in the code for debugging (lines 44-45, 51)
