# Configuring Profile API Token You may want a user or group of users to be able to create, edit, or delete a Profile API Token within certain folders without granting them Full Control to All Folders within a Parent Segment. With Profile API Token permission, you can grant users Profile API Token for certain Folders, without compromising other folders and segments to which the user should not have access. An Administrator may assign a profile to a user to enable or limit their access. This article provides details on how to apply or update Profile API Token permission for a particular parent segment and its associated folders using endpoints for [Access Control Permissions](https://api-docs.treasuredata.com/pages/td-api/tag/Access-Control-Permissions/). INFO An audience ID may represent a parent segment, a batch segment, or a realtime segment. This topic contains: - [Prerequisites](#prerequisites) - [Verify the Profile API Token for a Policy](#verify-the-profile-api-token-for-a-policy) - [Apply Profile API Token to a Parent Segment](#apply-profile-api-token-to-a-parent-segment) - [Update a Policy’s Profile API Token](#update-a-policys-profile-api-token) - [Remove Profile API Token Permission](#remove-profile-api-token-permission) ## Prerequisites - Basic knowledge of Treasure Data - Your personal [Master API Key](/en/api/td-api/quickstart/#getting-your-api-keys) ## Verify the Profile API Token for a Policy To confirm a policy has Profile API Token applied, you first need to view which permissions a policy has enabled. In the following example, you can view the permissions for policy `1115654`. ```Json Sample Request curl --location --request GET 'https://{{baseUrl}}/v3/access_control/policies/1115654/permissions \ --header 'Accept: application/json' \ --header 'Authorization: TD1 123/456789xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \ ``` In the following response, this portion of the response shows the Profile API Token has been applied to the audience ID `69129`. *The response has been condensed for brevity.* ```Json Sample Response { "ProfilesApiToken": [ { "audience_id": "69129", "operation": "full" } ] } ``` ## Apply Profile API Token to a Parent Segment To enable the Profile API Token option, add this field into the payload. In the following example, the Profile API Token is included for the audience ID `143857` and its operation is set to `full`. ```Json Sample { "ProfilesApiToken": [ { "audience_id": "143857", "operation": "full" } ] } ``` Replace all the existing permissions on the policy. Add the new permission. ## Update a Policy’s Profile API Token You can update how a Profile API Token is applied to a policy by using the parent segment, or **audience id**, and the **policy id** to which it should be assigned. In the examples that follow, the audience ID `143856` is applied to the policy `1115654`. In the first example, permission to `edit` and `view` all folders within the specified segment is applied. Whereas in the second example, different permissions are set to specific folders within the parent segment. **Example 1** In the example that follows, the policy is applied to all folders for the parent segment `143856`. Indicated as audience ID `143856` and all the `SegmentAllFolders` permission is set to `edit` and `view` all folders to enable permissions for all the folders within the specified segment. **Sample Request** ```Json Sample Request curl --location --request PATCH 'https://{{baseUrl}}/v3/access_control/policies/1115654/permissions' \ --header 'Content-Type: application/json' \ --header 'Accept: application/json' \ --header 'Authorization: TD1 123/456789xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \ --data-raw '{ "ProfilesApiToken": [ { "audience_id": "143856", "operation": "full" } ], "SegmentAllFolders": [ { "audience_id": "143856", "operation": "view" }, { "audience_id": "143856", "operation": "edit" } ] }' ``` The response confirms that Profile API Token permissions are applied to the parent segment `143856` as well as its folders. With this change, the user with this policy is able to create, edit, and delete the Profile API Token. **Sample Response** ```Json Sample Response { "ProfilesApiToken": [ { "audience_id": "143856", "operation": "full" } ], "SegmentAllFolders": [ { "audience_id": "143856", "operation": "view" }, { "audience_id": "143856", "operation": "edit" } ] } ``` **Example 2** In the example that follows, the policy is applied to all folders for the parent segment `143856` and `view` or `edit` operation is applied to specific folders within the parent segment while the value for the `SegmentAllFolders` field is left empty. Both `view` and `edit` operations are applied to the specified folder, `498948`. While only the `view` operation is applied to folder `498708`. **Sample Request** ```Json Sample Request curl --location --request PATCH 'https://{{baseUrl}}/v3/access_control/policies/1115654/permissions' \ --header 'Content-Type: application/json' \ --header 'Accept: application/json' \ --header 'Authorization: TD1 123/456789xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \ --data-raw '{ "ProfilesApiToken": [ { "audience_id": "143856", "operation": "full" } ], "SegmentAllFolders": [], "SegmentFolder": [ { "id": "498708", "operation": "view" }, { "id": "498948", "operation": "view" }, { "id": "498948", "operation": "edit" } ] }' ``` The response confirms that a Profile API Token is applied to the parent segment `143856`, with more granular permissions applied to folders within the segment. **Sample Response** ```Json Sample Response { "ProfilesApiToken": [ { "audience_id": "143856", "operation": "full" } ], "SegmentAllFolders": [], "SegmentFolder": [ { "id": "498708", "operation": "view" }, { "id": "498948", "operation": "view" }, { "id": "498948", "operation": "edit" } ] } ``` ## Remove Profile API Token Permission To remove Profile API Token permission for a particular parent segment, omit the `audience_id` for that particular parent segment. In the example that follows, Profile API Token permissions are first confirmed for audience IDs `143856` and `143857`. ```Json { "ProfilesApiToken": [ { "audience_id": "143856", "operation": "full" }, { "audience_id": "143857", "operation": "full" } ] } ``` In the request payload, Profile API Token permission is removed for audience ID `143856`, while Profile API Token permission is retained for audience ID `143857`. **Sample Request** ```Json Sample Request curl --location --request PATCH 'https://{{baseUrl}}/v3/access_control/policies/1115654/permissions' \ --header 'Content-Type: application/json' \ --header 'Accept: application/json' \ --header 'Authorization: TD1 123/456789xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \ --data-raw '{ "ProfilesApiToken": [ { "audience_id": "143856", "operation": "full" } ] }' ``` The response confirms that Profile API Token is applied only to the parent segment `143857`. **Sample Response** ```Json Sample Response { "ProfilesApiToken": [ { "audience_id": "143857", "operation": "full" } ] } ```