Kate Santo Updated by Kate Santo

Privileges are membership levels. They allow the admin of an app to restrict access to padoqs. In the free Padoq app, when a user goes to Explore, they will see every public padoq. However, in an app with privileges set up, when a user goes to Explore, they will only see padoqs with a matching privilege.

Privileges are exclusive to an app, so they are not shared across different apps or namespaces.

Find out how privileges work in this guide.

See for yourself

  • You can download the iOS or Android app on your phone to follow this journey along. And you can also log in or sign up to the web app here
  • You can also follow along by checking out the images or code snippets in this guide
  • And you will find the relevant endpoints linked and explained in this guide, but the full API is documented in Swagger UI


  • Privileges need to have been set up in the app or namespace by the system administrator. Only users with the relevant permission/scope can create or update privileges for an app. The account manager can update the user's scope to allow access to the environment where privileges are managed
  • If an app has privileges set up, these are retrieved by calling the getUserPrivileges endpoint and the definition of the privileges available in an app are stored in the UserPrivilegeDefinitions schema. Only system admins and account managers have access to these


Imagine an app has been set up with 3 privilege levels (gold, silver and bronze). These would be represented like you see below. Plus, there is always a standard privilege level that is assigned to all users unless they have a greater privilege in their profile:

"levels": [
"name": "gold",
"description": "Gold - exclusive.",
"level": 3
"name": "silver",
"description": "Silver.",
"level": 2
"name": "bronze",
"description": "Bronze.",
"level": 1
"name": "standard",
"description": "An inclusive privilege with no 'level' value."

In the web app, these would look like this:

Privileges in a padoq

When a user is creating a padoq in an app that has privileges set up, they won't have an option to assign a privilege to a padoq. However, the app or system admin can do this. In the example above, the admin can choose to make a padoq gold, silver or bronze.

The privilege will be stored in the permittedPrivileges property within the padoq (see it in any padoq by calling the getPadoq endpoint). The permittedPrivileges property has a string as its value. The string will be either one of the privileges available in that app, or null if the system admin has chosen to not assign a privilege to that padoq.

When a padoq has a privilege assigned to it, this will impact whether it appears in Explore for users. For example, a padoq with a privilege of gold will only appear in Explore for users who also have the gold privilege in their profile. Find out more about Explore and privileges in our guide. And find out more about privileges at user level in the next section of this guide.

"permittedPrivileges": [

Privileges in the user profile

For the user, privileges are stored in the privileges property within the user profile. Users gain privileges either on creation of their profile (via the addUser endpoint) or with an update to their profile (via the updateUser endpoint). The user, however, doesn't have a way to handle or update their privileges. This is only possible if the app admin does it, or via an integration. That property looks like this:

"privileges": "bronze"

The privilege assigned to a user affects the padoqs they can access. For example, a user with a privilege of bronze in an app that has bronze, silver and gold privileges might go on Explore to browse and join new padoqs. The padoqs that particular user will see are:

  • The padoqs that have a privilege of bronze and
  • The padoqs that have no privilege assigned. Assigning privileges to a padoq is optional, so if there are padoqs without privileges, all users will be able to find and join those in Explore

Other padoqs that are silver or gold won't come up in Explore for this user, as they can't join those padoqs with their bronze privilege.

How did we do?