Tokens
This page describes token flags and the ACL flags (bits) to which they correspond.
Each token has a combined flag (fl) that limits which access rights the token can use. A token flag combines several individual access right bits into a single category (for example, online tracking or data editing). A token can’t exceed the user’s access rights.
In API requests the token flag (
fl) is usually specified as a decimal number. In the tables below ACL bits are shown in both HEX and DEC for convenience.
| Token flag (HEX) | Token flag (DEC) | Description |
|---|---|---|
| 0x100 | 256 | Online tracking |
| 0x200 | 512 | Viewing data |
| 0x400 | 1024 | Editing non-sensitive data |
| 0x800 | 2048 | Editing sensitive data |
| 0x1000 | 4096 | Editing critical data and deleting messages |
| 0x2000 | 8192 | Sending commands |
| -1 | -1 | Unlimited access |
To grant multiple access levels to a token, sum the token flag values. For example, to grant both online tracking (256) and viewing data (512) access, use fl = 768.
To grant unrestricted access, use fl = -1.
Online tracking
The token flag 0x100 (256) grants access rights related to online tracking.
| Applies to | Access right name | ACL bit (HEX) | ACL bit (DEC) |
|---|---|---|---|
| Any object | View object and its basic properties | 0x1 | 1 |
| Any object | View detailed object properties | 0x2 | 2 |
| Any object | View custom fields | 0x20 | 32 |
| Any object | Request reports and messages | 0x200 | 512 |
| Any object | View and download files | 0x4000 | 16384 |
| Unit, unit group | View commands | 0x400000000 | 17179869184 |
| Resource (Account) | View POIs | 0x400000 | 4194304 |
| Resource (Account) | View geofences | 0x1000000 | 16777216 |
| Resource (Account) | View report templates | 0x10000000 | 268435456 |
| Resource (Account) | View drivers and driver groups | 0x40000000 | 1073741824 |
| Resource (Account) | View orders | 0x200000000 | 8589934592 |
| Resource (Account) | View tags (passengers) | 0x800000000 | 34359738368 |
| Resource (Account) | View trailers and trailer groups | 0x100000000000 | 17592186044416 |
Viewing data
The token flag 0x200 (512) grants access rights related to viewing data.
| Applies to | Access right name | ACL bit (HEX) | ACL bit (DEC) |
|---|---|---|---|
| Unit, unit group | View service intervals (maintenance) | 0x10000000 | 268435456 |
| Unit, unit group | View connectivity settings (HW/UID/phone/password, and so on) | 0x4000000 | 67108864 |
| User | Act on behalf of this user (create objects, log in, and so on) | 0x200000 | 2097152 |
| Resource (Account) | View notifications | 0x100000 | 1048576 |
| Resource (Account) | View jobs | 0x4000000 | 67108864 |
Editing non-sensitive data
The token flag 0x400 (1024) grants access rights related to editing non-sensitive data.
| Applies to | Access right name | ACL bit (HEX) | ACL bit (DEC) |
|---|---|---|---|
| Any object | Rename object | 0x10 | 16 |
| Any object | Manage custom fields | 0x40 | 64 |
| Any object | Change image (icon) | 0x100 | 256 |
| Any object | Edit attached files | 0x8000 | 32768 |
| Unit, unit group | Register events | 0x2000000 | 33554432 |
| Unit, unit group | Create, edit, and delete commands | 0x800000000 | 34359738368 |
| Retranslator | Add or remove units from the retranslator, change their unique IDs | 0x200000 | 2097152 |
| Resource (Account) | Create, edit, and delete POIs | 0x800000 | 8388608 |
| Resource (Account) | Create, edit, and delete geofences | 0x2000000 | 33554432 |
Editing sensitive data
The token flag 0x800 (2048) grants access rights related to editing sensitive data.
| Applies to | Access right name | ACL bit (HEX) | ACL bit (DEC) |
|---|---|---|---|
| Any object | Manage access to this object | 0x4 | 4 |
| Unit, unit group | Create, edit, and delete service intervals | 0x20000000 | 536870912 |
| Unit, unit group | Edit trip, driving and health check settings | 0x4000000000 | 274877906944 |
| User | Manage user’s access rights | 0x100000 | 1048576 |
| User | Change user’s general properties | 0x400000 | 4194304 |
| Retranslator | Edit retranslator settings including start/stop | 0x100000 | 1048576 |
| Resource (Account) | Create, edit, and delete notifications | 0x200000 | 2097152 |
| Resource (Account) | Create, edit, and delete jobs | 0x8000000 | 134217728 |
| Resource (Account) | Create, edit, and delete report templates | 0x20000000 | 536870912 |
| Resource (Account) | Create, edit, and delete drivers | 0x80000000 | 2147483648 |
| Resource (Account) | Create, edit, and delete orders | 0x400000000 | 17179869184 |
| Resource (Account) | Create, edit, and delete tags (passengers) | 0x1000000000 | 68719476736 |
| Resource (Account) | Create, edit, and delete trailers | 0x200000000000 | 35184372088832 |
Editing critical data and deleting messages
The token flag 0x1000 (4096) grants access rights related to editing critical data and deleting messages.
| Applies to | Access right name | ACL bit (HEX) | ACL bit (DEC) |
|---|---|---|---|
| Any object | Delete object | 0x8 | 8 |
| Any object | Manage object log | 0x800 | 2048 |
| Any object | View administrative fields | 0x1000 | 4096 |
| Any object | Edit administrative fields | 0x2000 | 8192 |
| Unit, unit group | Edit connectivity settings (device type, UID, phone, access password, messages filter) | 0x100000 | 1048576 |
| Unit, unit group | Create, edit, and delete sensors | 0x200000 | 2097152 |
| Unit, unit group | Edit counters | 0x400000 | 4194304 |
| Unit, unit group | Delete messages | 0x800000 | 8388608 |
| Unit, unit group | Import messages | 0x40000000 | 1073741824 |
| Unit, unit group | Export messages | 0x80000000 | 2147483648 |
Sending commands
The token flag 0x2000 (8192) grants the permission to send (execute) commands for units and unit groups.
| Applies to | Access right name | ACL bit (HEX) | ACL bit (DEC) |
|---|---|---|---|
| Unit, unit group | Send commands | 0x1000000 | 16777216 |
Working as an authorized user (unlimited access)
The token flag -1 means the token doesn’t restrict the authorized user by token access levels (0x100, 0x200, 0x400, and so on). The following ACL bits are only available with this flag and aren’t included in any other token flag.
| Applies to | Access right name | ACL bit (HEX) | ACL bit (DEC) |
|---|---|---|---|
| Any object | Edit ACL-propagated items | 0x400 | 1024 |
| Unit, unit group | View routes | 0x4000000 | 67108864 |
| Unit, unit group | Create, edit, and delete routes | 0x8000000 | 134217728 |
| Unit, unit group | View events | 0x1000000000 | 68719476736 |
| Unit, unit group | Create, edit, and delete events | 0x2000000000 | 137438953472 |
| Unit, unit group | Use unit in jobs, notifications, routes, retranslators | 0x8000000000 | 549755813888 |
| Resource (Account) | Manage account | 0x100000000 | 4294967296 |
See also
- token/update. Create, edit, or delete tokens.
- token/login. Authenticate using a token.
- core/check_items_billing. Full list of ACL flags by object type.
- Frequently asked questions. Common token-related scenarios.
- Access rights. Overview of access rights in Wialon.