Ctrl+K

Modify permissions on a given sheet of a spreadsheet

Modify permissions on a given sheet of a spreadsheet#

Deprecated

This endpoint is deprecated and may be removed in a future release.

This endpoint was deprecated on 2026-02-12.

It is scheduled for sunset on 2027-01-31.

Description#

Assign and/or revoke permissions on a sheet. If any modification in a request fails, all modifications on that request fail.

To modify an existing permission, the existing permission must first be explicitly revoked. Then, the new permission needs to be assigned. This can be done in a single request by sending toAssign and toRevoke in the request body.

POST /prototype/platform/spreadsheets/{spreadsheetId}/sheets/{sheetId}/permissions/modification

Required OAuth Scopes

file:write

Parameters#

Parameter

In

Type

Required

Description

X-Version

header

string

false

Version of the API (2022-01-01)

spreadsheetId

path

string

true

The unique identifier of the spreadsheet

sheetId

path

string

true

The unique identifier of the sheet

body

body

ResourcePermissionsModification

true

Details about the sheet permissions modification.

Body parameter example#

{
  "toAssign": [
    {
      "permission": "598e8fa3-3e7c-4fb7-b662-f44522216e2b",
      "principal": "V0ZVc2VyHzU2NDg2NjU2MjQ0NDQ5Mjg"
    }
  ],
  "toRevoke": [
    {
      "permission": "85aa87ee-beb9-4417-8fa0-420e9de63534",
      "principal": "V0ZVc2VyHzU2NDg2NjU2MjQ0NDQ5Mjg"
    }
  ]
}

Code Samples#

curl -X POST https://api.app.wdesk.com/prototype/platform/spreadsheets/{spreadsheetId}/sheets/{sheetId}/permissions/modification \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -H 'Authorization: Bearer {access-token}' \
    -H 'X-Version: 2022-01-01'

http POST https://api.app.wdesk.com/prototype/platform/spreadsheets/{spreadsheetId}/sheets/{sheetId}/permissions/modification \
    X-Version:2022-01-01 \
    Content-Type:application/json \
    Accept:application/json \
    Authorization:"Bearer {access-token}"

wget --method=POST "https://api.app.wdesk.com/prototype/platform/spreadsheets/{spreadsheetId}/sheets/{sheetId}/permissions/modification" \
    --output-document -  \ 
    --header 'Content-Type: application/json' \ 
    --header 'Accept: application/json' \ 
    --header 'Authorization: Bearer {access-token}' \
    --header 'X-Version: 2022-01-01'

import requests

headers = {
  'X-Version': '2022-01-01',
  'Content-Type': 'application/json',
  'Accept': 'application/json',
  'Authorization': 'Bearer {access-token}'
}

r = requests.post('https://api.app.wdesk.com/prototype/platform/spreadsheets/{spreadsheetId}/sheets/{sheetId}/permissions/modification', headers = headers)

Returns#

204 - No Content#

400 - Bad Request#

Error response that indicates that the service is not able to process the incoming request. The reason is provided in the error message.

401 - Unauthorized#

Error response that indicates that the service is not able to process the incoming request. The reason is provided in the error message.

403 - Forbidden#

Error response that indicates that the service is not able to process the incoming request. The reason is provided in the error message.

404 - Not Found#

Error response that indicates that the service is not able to process the incoming request. The reason is provided in the error message.

409 - Conflict#

Error response that indicates that the service is not able to process the incoming request. The reason is provided in the error message.

429 - Too Many Requests#

Error response that indicates that the service is not able to process the incoming request. The reason is provided in the error message.

500 - Internal Server Error#

Error response that indicates that the service is not able to process the incoming request. The reason is provided in the error message.

503 - Service Unavailable#

Error response that indicates that the service is not able to process the incoming request. The reason is provided in the error message.

Example Responses#

{
  "code": "400BadRequest",
  "message": "The request was unacceptable, often due to a missing or invalid parameter"
}

{
  "code": "401Unauthorized",
  "message": "No valid API token provided"
}

{
  "code": "403Forbidden",
  "message": "The API token does not have permissions to perform the request"
}

{
  "code": "404NotFound",
  "message": "The requested resource could not be found"
}

{
  "code": "409Conflict",
  "message": "The request conflicts with another request"
}

{
  "code": "429TooManyRequests",
  "message": "Too many requests have been made against the API in too short a time"
}

{
  "code": "500InternalServerError",
  "message": "The server encountered an unexpected condition that prevented it from fulfilling the request"
}

{
  "code": "503ServiceUnavailable",
  "message": "The server cannot handle the request due to a temporary overload or scheduled maintenance"
}