Skip to content
Entitlements module/
/
Create entitlement

Entitlements Overview (1.0)

The Entitlements Engine is powered by the isEntitledTo query and is designed to manage and control user access within your application. It enables you to grant users specific roles, permissions, feature access, and more, providing a flexible framework for access management.

Below is an overview of API endpoints relevant to managing features, plans, feature flags, and API access control within your application. All endpoints are classified as Management Endpoints, requiring environment-level authorization and offering comprehensive control over entitlement resources.

Download OpenAPI description
Users, Auth and Security
Single Sign-On
SCIM Provisioning
Entitlements
Entitlements Agent
Accounts (Tenants)
Languages
Servers
EU Region
https://api.frontegg.com/entitlements/
US Region
https://api.us.frontegg.com/entitlements/
CA Region
https://api.ca.frontegg.com/entitlements/
AU Region
https://api.au.frontegg.com/entitlements/
Frontegg sub-domain for use with user tokens
https://{domain}.frontegg.com/entitlements/

ReBAC

Operations

Features

Operations

Plans

Operations

Entitlements

Operations

Get entitlements

Request

Retrieve a paginated list of entitlements with sorting and filtering capabilities. Sort by expiration date (expirationDate) or creation date (createdAt), filter by plan IDs (planId, planIds), assign level (assignLevel) for user or account, user IDs (userIds), or account (tenant) IDs (tenantIds), and optionally include related entities (withRelations).

Security
bearer
Query
offsetnumber

Page offset of results to return

Example: offset=0
limitnumber

Number of results per page

Example: limit=10
sortTypestring

Sort type, ASC for ascending, DESC for descending

Enum"ASC""DESC"
Example: sortType=DESC
planIdstring

UUID string representing the plan ID

Example: planId=e6a5012c-cbeb-4c1e-ab80-e5f43efd44e3
planIdsArray of strings

UUIDs string array representing the plan IDs

Example: planIds=["e6a5012c-cbeb-4c1e-ab80-e5f43efd44e3"]
assignLevelstring

Assign level, USER for user-level entitlements, TENANT for tenant-level entitlements

Enum"USER""TENANT"
Example: assignLevel=User
orderBystring

Field to order results by date (createdAt) or expiration date (expirationDate)

Enum"expirationDate""createdAt"
Example: orderBy=expirationDate
userIdsArray of strings

Comma separated user IDs to filter results by

Example: userIds=e6a5012c-cbeb-4c1e-ab80-e5f43efd44e3
tenantIdsArray of strings

Comma separated account (tenant) IDs to filter results by

Example: tenantIds=e6a5012c-cbeb-4c1e-ab80-e5f43efd44e3
withRelationsboolean

Boolean value to include related entities in the response

curl -i -X GET \
  https://api.frontegg.com/entitlements/resources/entitlements/v2 \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>'

Responses

Bodyapplication/json
itemsArray of objects(EntitlementDto)
hasNextboolean
Response
application/json
{
  "items": [
    { … }
  ],
  "hasNext": true
}

Create entitlement

Request

Create a new entitlement by associating a plan with an account (tenant) and optionally a specific user, with configurable expiration settings.

Security
bearer
Bodyapplication/jsonrequired
planIdstringrequired

UUID string that represents the plan ID

Example: "e6a5012c-cbeb-4c1e-ab80-e5f43efd44e3"
tenantIdstringrequired

UUID string that represents the account (tenant) ID

Example: "e6a5012c-cbeb-4c1e-ab80-e5f43efd44e3"
userIdstring

UUID string that represents the user ID

Example: "e6a5012c-cbeb-4c1e-ab80-e5f43efd44e3"
expirationDatestring(date-time)

Date of entitlement expiration

Example: "2022-01-01T12:00:00"
curl -i -X POST \
  https://api.frontegg.com/entitlements/resources/entitlements/v2 \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "planId": "e6a5012c-cbeb-4c1e-ab80-e5f43efd44e3",
    "tenantId": "e6a5012c-cbeb-4c1e-ab80-e5f43efd44e3",
    "userId": "e6a5012c-cbeb-4c1e-ab80-e5f43efd44e3",
    "expirationDate": "2022-01-01T12:00:00"
  }'

Responses

Bodyapplication/json
idstringrequired

UUID string that represents the entitlement ID

Example: "e6a5012c-cbeb-4c1e-ab80-e5f43efd44e3"
planIdstringrequired

UUID string that represents the plan ID

Example: "e6a5012c-cbeb-4c1e-ab80-e5f43efd44e3"
tenantIdstringrequired

UUID string that represents the account (tenant) ID

Example: "e6a5012c-cbeb-4c1e-ab80-e5f43efd44e3"
userIdstring

UUID string that represents the user ID

Example: "e6a5012c-cbeb-4c1e-ab80-e5f43efd44e3"
expirationDatestring(date-time)

Date of entitlement expiration

Example: "2022-01-01T12:00:00"
createdAtstring(date-time)required

Date when entitlement was created

Example: "2022-01-01T12:00:00"
updatedAtstring(date-time)

Date when entitlement was last updated

Example: "2022-01-01T12:00:00"
planobjectrequired
plan.​idstringrequired

UUID string that represents the plan ID

Example: "e6a5012c-cbeb-4c1e-ab80-e5f43efd44e3"
plan.​vendorIdstringrequired

UUID string that represents the vendor ID

Example: "e6a5012c-cbeb-4c1e-ab80-e5f43efd44e3"
plan.​namestringrequired

String that represents the plan name

Example: "Test Plan"
plan.​defaultTimeLimitationnumber

Number that represents the default time limitation in days for auto-assigned plans

Example: "30"
plan.​descriptionstring

Feature plan description

Example: "This is a test plan"
plan.​createdAtstringrequired

Date when plan was created

Example: "2022-01-01T00:00:00"
plan.​updatedAtstring

Date when plan was last updated

Example: "2022-01-01T00:00:00"
Response
application/json
{
  "id": "e6a5012c-cbeb-4c1e-ab80-e5f43efd44e3",
  "planId": "e6a5012c-cbeb-4c1e-ab80-e5f43efd44e3",
  "tenantId": "e6a5012c-cbeb-4c1e-ab80-e5f43efd44e3",
  "userId": "e6a5012c-cbeb-4c1e-ab80-e5f43efd44e3",
  "expirationDate": "2022-01-01T12:00:00",
  "createdAt": "2022-01-01T12:00:00",
  "updatedAt": "2022-01-01T12:00:00",
  "plan": {
    "id": "e6a5012c-cbeb-4c1e-ab80-e5f43efd44e3",
    "vendorId": "e6a5012c-cbeb-4c1e-ab80-e5f43efd44e3",
    "name": "Test Plan",
    "defaultTimeLimitation": "30",
    "description": "This is a test plan",
    "createdAt": "2022-01-01T00:00:00",
    "updatedAt": "2022-01-01T00:00:00"
  }
}

Batch create entitlements

Request

Create multiple entitlements in a single batch operation, efficiently associating plans with accounts (tenants) and optionally specific users.

Security
bearer
Bodyapplication/jsonrequired
entitlementsArray of objects(CreateEntitlementDto)required

Array of entitlements to create

entitlements[].​planIdstringrequired

UUID string that represents the plan ID

Example: "e6a5012c-cbeb-4c1e-ab80-e5f43efd44e3"
entitlements[].​tenantIdstringrequired

UUID string that represents the account (tenant) ID

Example: "e6a5012c-cbeb-4c1e-ab80-e5f43efd44e3"
entitlements[].​userIdstring

UUID string that represents the user ID

Example: "e6a5012c-cbeb-4c1e-ab80-e5f43efd44e3"
entitlements[].​expirationDatestring(date-time)

Date of entitlement expiration

Example: "2022-01-01T12:00:00"
curl -i -X POST \
  https://api.frontegg.com/entitlements/resources/entitlements/v2/batch \
  -H 'Authorization: Bearer <YOUR_JWT_HERE>' \
  -H 'Content-Type: application/json' \
  -d '{
    "entitlements": [
      {
        "planId": "e6a5012c-cbeb-4c1e-ab80-e5f43efd44e3",
        "tenantId": "e6a5012c-cbeb-4c1e-ab80-e5f43efd44e3",
        "userId": "e6a5012c-cbeb-4c1e-ab80-e5f43efd44e3",
        "expirationDate": "2022-01-01T12:00:00"
      }
    ]
  }'

Responses

Bodyapplication/json
entitlementIdsArray of stringsrequired

UUID string that represents the entitlement ID

Example: ["e6a5012c-cbeb-4c1e-ab80-e5f43efd44e3"]
Response
application/json
{
  "entitlementIds": [
    "e6a5012c-cbeb-4c1e-ab80-e5f43efd44e3"
  ]
}

Feature Flags

Operations

API Access Control

Operations