# Create a role

Creates a role that is used to assign permissions to users.

Endpoint: POST /roles
Version: latest
Security: SecretApiKey, JWT

## Request fields (application/json):

- `name` (string, required) Name of the user role.
- `description` (string,null) Description of the role.
- `acl` (array, required) Access Control List (ACL) information.
- `acl.scope` (object, required) Example: {"organizationId":["organizationId-id-1"]}
- `acl.scope.organizationId` (array) Array of account IDs. Example: ["organizationId-id-1"]
- `acl.scope.productId` (array) Array of product IDs. Example: ["prod_0YV7DES3WPC5J8JD8QTVNZBZNZ"]
- `acl.scope.planId` (array) Array of plan IDs. Example: ["plan_0YV7DENSVGDBW9S71XZNNYYQ0X"]
- `acl.scope.customFieldName` (array) Array of custom field names.
- `acl.permissions` (array, required) Example: ["PostFile","StorefrontGetAccount","StorefrontGetWebsite","StorefrontGetKycDocumentCollection","StorefrontGetKycDocument","StorefrontPostKycDocument"]
- `allowedIps` (array,null) List of IP addresses that are permitted access. Private subnets are prohibited. To remove restrictions, set this value to . Example: ["153.12.32.33","201.54.122.0/24","2001:0db8:abcd:0012:0000:0000:0000:ffff","2001:db8:abcd:12::0/64"]
- `juniorIds` (array) List of role IDs that are included in this role. For example, a role called may include the and roles.

## Response 201 fields (application/json):

- `id` (string) ID of the role. Example: "role_0YVDN2J11HDMX9N8X7DCB4CMX2"
- `name` (string, required) Name of the user role.
- `description` (string,null) Description of the role.
- `acl` (array, required) Access Control List (ACL) information.
- `acl.scope` (object, required) Example: {"organizationId":["organizationId-id-1"]}
- `acl.scope.organizationId` (array) Array of account IDs. Example: ["organizationId-id-1"]
- `acl.scope.productId` (array) Array of product IDs. Example: ["prod_0YV7DES3WPC5J8JD8QTVNZBZNZ"]
- `acl.scope.planId` (array) Array of plan IDs. Example: ["plan_0YV7DENSVGDBW9S71XZNNYYQ0X"]
- `acl.scope.customFieldName` (array) Array of custom field names.
- `acl.permissions` (array, required) Example: ["PostFile","StorefrontGetAccount","StorefrontGetWebsite","StorefrontGetKycDocumentCollection","StorefrontGetKycDocument","StorefrontPostKycDocument"]
- `allowedIps` (array,null) List of IP addresses that are permitted access. Private subnets are prohibited. To remove restrictions, set this value to . Example: ["153.12.32.33","201.54.122.0/24","2001:0db8:abcd:0012:0000:0000:0000:ffff","2001:db8:abcd:12::0/64"]
- `seniorIds` (array) List of role IDs where this role is used. For example, a role called may be used in the and roles.
- `juniorIds` (array) List of role IDs that are included in this role. For example, a role called may include the and roles.
- `usersCount` (integer) Number of users assigned to this role.
- `createdTime` (string) Date and time which is set automatically when the resource is created.
- `updatedTime` (string) Date and time which updates automatically when the resource is updated.
- `_links` (array) Related links.
- `_links.href` (string) Link URL.
- `_links.rel` (string) Type of link. Enum: "self", "seniorRoles", "juniorRoles"
- `_embedded` (object) Embedded objects that are requested by the query parameter.
- `_embedded.juniors` (array)

## Response 401 fields (application/json):

- `status` (integer) HTTP status code.
- `type` (string) Problem type in the form of a [URI](https://tools.ietf.org/html/rfc3986) reference. It should provide human-readable documentation for the problem type. When this member is not present, its value is assumed to be "about:blank".
- `title` (string) Short, human-readable summary of the problem type. Other than for the purposes of localization, this should not change from occurrence to occurrence of the problem.
- `detail` (string) Human-readable explanation that is specific to this occurrence of the problem.
- `instance` (string) URI reference that identifies the specific occurrence of the problem. It may or may not yield further information if dereferenced.

## Response 403 fields (application/json):

- `status` (integer) HTTP status code.
- `type` (string) Problem type in the form of a [URI](https://tools.ietf.org/html/rfc3986) reference. It should provide human-readable documentation for the problem type. When this member is not present, its value is assumed to be "about:blank".
- `title` (string) Short, human-readable summary of the problem type. Other than for the purposes of localization, this should not change from occurrence to occurrence of the problem.
- `detail` (string) Human-readable explanation that is specific to this occurrence of the problem.
- `instance` (string) URI reference that identifies the specific occurrence of the problem. It may or may not yield further information if dereferenced.

## Response 422 fields (application/json):

- `status` (integer) HTTP status code.
- `type` (string) Problem type in the form of a [URI](https://tools.ietf.org/html/rfc3986) reference. It should provide human-readable documentation for the problem type. When this member is not present, its value is assumed to be "about:blank".
- `title` (string) Short, human-readable summary of the problem type. Other than for the purposes of localization, this should not change from occurrence to occurrence of the problem.
- `detail` (string) Human-readable explanation that is specific to this occurrence of the problem.
- `instance` (string) URI reference that identifies the specific occurrence of the problem. It may or may not yield further information if dereferenced.
- `invalidFields` (array) Invalid field details. Example: [{"field":"field1","message":"field1 is invalid"},{"field":"subObject.field2","message":"field2 is invalid"},{"field":"subObject.field2","message":"another error in the field2"}]
- `invalidFields.field` (string) Name of the field. Dot notation is used for nested object field names.
- `invalidFields.message` (string) Message field.

## Response 429 fields (application/json):

- `type` (string) Problem type in the form of a [URI](https://tools.ietf.org/html/rfc3986) reference. It should provide human-readable documentation for the problem type. When this member is not present, its value is assumed to be "about:blank". Example: "about:blank"
- `title` (string) Short, human-readable summary of the problem type. Other than for the purposes of localization, this should not change from occurrence to occurrence of the problem. Example: "Rate Limit Exceeded"
- `status` (integer) HTTP status code.
- `detail` (string) Human-readable explanation that is specific to this occurrence of the problem. Example: "A request cannot be executed because the user has sent too many requests within a certain period of time"
- `instance` (string) URI reference that identifies the specific occurrence of the problem. It may or may not yield further information if dereferenced.
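
A client-side pre-check for the request body described under "Request fields", reporting problems in the same `field`/`message` shape as the 422 `invalidFields` array. This is an added example, not code from the API vendor. Assumptions: "private subnets" is taken to mean RFC 1918 and IPv6 unique-local space, the index-style field paths (`allowedIps.0`) are illustrative, and the helper names `check_allowed_ips` and `build_role_request` are hypothetical.

```python
import ipaddress

# Assumption: "private subnets" means RFC 1918 and IPv6 unique-local space.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


def check_allowed_ips(entries):
    """Return invalidFields-style errors for an allowedIps list (None = not set)."""
    errors = []
    for i, entry in enumerate(entries or []):
        field = f"allowedIps.{i}"  # illustrative path format, not the server's
        try:
            # strict=False accepts both single addresses and CIDR blocks
            net = ipaddress.ip_network(entry, strict=False)
        except (ValueError, TypeError):
            errors.append({"field": field, "message": "not an IP address or CIDR block"})
            continue
        # overlaps() also flags a broad block that contains a private range
        if any(net.version == p.version and net.overlaps(p) for p in PRIVATE_NETS):
            errors.append({"field": field, "message": "overlaps a private subnet"})
    return errors


def build_role_request(name, acl, allowed_ips=None, description=None):
    """Build the POST /roles JSON body; raise ValueError listing every problem."""
    errors = []
    if not isinstance(name, str) or not name.strip():
        errors.append({"field": "name", "message": "required"})
    if not acl:
        errors.append({"field": "acl", "message": "required"})
    for i, entry in enumerate(acl or []):
        if not isinstance(entry.get("scope"), dict):
            errors.append({"field": f"acl.{i}.scope", "message": "required object"})
        if not isinstance(entry.get("permissions"), list):
            errors.append({"field": f"acl.{i}.permissions", "message": "required array"})
    errors += check_allowed_ips(allowed_ips)
    if errors:
        raise ValueError(errors)
    body = {"name": name, "acl": acl}
    # Optional fields are left out rather than sent with a guessed "unset" value.
    if description is not None:
        body["description"] = description
    if allowed_ips is not None:
        body["allowedIps"] = allowed_ips
    return body
```

Keeping `acl.permissions` and `acl.scope` as narrow as the role's purpose allows, and pairing them with an `allowedIps` list that passes this check, limits what a leaked credential bound to the role can reach.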