Access Rules

Access rules control which email addresses or domains can be seen through a specific token. Rules override the master access level for matching contacts.

Base URL

/api/auth/token/{tokenId}/rules

Rule Identifier Types

| Value | Description | Example |
|---|---|---|
| email | Match a specific email address exactly | john@example.com |
| domain | Match all email addresses from a domain | competitor.com |
| all | Wildcard — matches everyone | * |

Rule Access Levels

| Value | Description |
|---|---|
| block | Completely denied — events with this contact are hidden |
| free_busy_only | Can only see that a time slot is busy, no details |
| read | Can see event details (title, attendees, description, etc.) |
| full | Full access — can read and modify events involving this contact |

Rule Priority

Tip

Higher priority rules take precedence when multiple rules match. For example, you could set domain: competitor.com → block (priority 0) but email: partner@competitor.com → read (priority 10) to block the entire domain except one contact.

GET /api/auth/token/{tokenId}/rules (Bearer / JWT)

List Token Rules

Returns all access rules for a specific token.

Response 200 OK

[
  {
    "id": 1,
    "accessTokenId": 42,
    "identifierType": "domain",
    "identifier": "competitor.com",
    "accessLevel": "block",
    "priority": 0,
    "description": "Block competitor domain",
    "createDate": "2026-02-01T10:00:00Z"
  },
  {
    "id": 2,
    "accessTokenId": 42,
    "identifierType": "email",
    "identifier": "partner@competitor.com",
    "accessLevel": "read",
    "priority": 10,
    "description": "Allow specific partner contact",
    "createDate": "2026-02-01T10:05:00Z"
  }
]
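
Added example (not part of this API's own documentation or code): a local evaluator that predicts which rule wins for a contact, so a token's rule set can be reviewed before it is relied on. It assumes case-insensitive matching, exact-domain matching, most-restrictive-wins on a priority tie, and that the master access level uses the same level names; none of these are specified on this page.

```python
# Added example: local evaluation of token access rules for auditing.
# Assumptions (not stated by the API docs): case-insensitive matching, "domain"
# matches the exact domain only, and a priority tie picks the most restrictive level.
RESTRICTIVENESS = ["block", "free_busy_only", "read", "full"]  # most -> least restrictive

# Constructed sample with the same shape as the List Token Rules response.
RULES = [
    {"id": 1, "identifierType": "domain", "identifier": "competitor.com",
     "accessLevel": "block", "priority": 0},
    {"id": 2, "identifierType": "email", "identifier": "partner@competitor.com",
     "accessLevel": "read", "priority": 10},
]


def rule_matches(rule, email):
    """Return True if the rule applies to this contact email."""
    email = email.strip().lower()
    ident = rule["identifier"].strip().lower()
    kind = rule["identifierType"]
    if kind == "all":
        return True
    if kind == "email":
        return email == ident
    if kind == "domain":
        # Compare the whole domain part, never a prefix or substring.
        return "@" in email and email.rsplit("@", 1)[1] == ident
    return False  # unknown identifier type: never match


def effective_access(rules, email, master_level):
    """Return (access_level, rule_id); rule_id is None when the master level applies."""
    matches = [r for r in rules if rule_matches(r, email)]
    if not matches:
        return master_level, None
    # Highest priority first; on a tie prefer the most restrictive level.
    best = min(matches, key=lambda r: (-r.get("priority", 0),
                                       RESTRICTIVENESS.index(r["accessLevel"])))
    return best["accessLevel"], best["id"]


def audit(rules, contacts, master_level):
    """Map each contact to its effective level, for review before deploying rules."""
    return {c: effective_access(rules, c, master_level)[0] for c in contacts}


if __name__ == "__main__":
    contacts = ["partner@competitor.com", "sales@competitor.com", "amy@example.com"]
    print(audit(RULES, contacts, "read"))
```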

POST /api/auth/token/{tokenId}/rules (Bearer / JWT)

Create Token Rule

Creates a new access rule for the specified token.

Request Body

| Field | Type | Required | Description |
|---|---|---|---|
| identifierType | string | Yes | email, domain, or all |
| identifier | string | Yes | The email, domain, or * for all (max 255 chars) |
| accessLevel | string | Yes | block, free_busy_only, read, or full |
| priority | int | No | Higher value = higher precedence (default: 0) |
| description | string | No | Human-readable description (max 500 chars) |

{
  "identifierType": "domain",
  "identifier": "competitor.com",
  "accessLevel": "block",
  "priority": 0,
  "description": "Block competitor domain"
}

PATCH /api/auth/token/{tokenId}/rules/{ruleId} (Bearer / JWT)

Update Token Rule

Updates an existing access rule. All fields are optional.

Request Body (all optional)

| Field | Type | Description |
|---|---|---|
| accessLevel | string | New access level |
| priority | int | New priority |
| description | string | New description (max 500 chars) |

{
  "accessLevel": "read",
  "priority": 5,
  "description": "Updated description"
}

DELETE /api/auth/token/{tokenId}/rules/{ruleId} (Bearer / JWT)

Delete Token Rule

Deletes an access rule from the specified token.

Response 200 OK

{
  "success": true,
  "message": "Access rule deleted"
}