Each API endpoint requires the authorized party to have specific permit.It's specified in API description with an API Permit tag - for example:Within Client Authorization, the permits are tied to specific prepared token.Within User Authorization, the permits are implied from the role of specific user.