Authorization and Directives
Permission Gating
Use object-level permission checks before sensitive operations:
App.permissions(permissions: [String])AppEnvironment.permissions(permissions: [String])Organization.permissions(permissions: [String])
Directive Semantics
The runtime schema uses directives that affect caller behavior:
@hasPermission: field-level access checks.@requireElevatedPermission: requires an elevated token (for example viax-elevated-token) for protected operations.@isVIP: VIP-only fields.@rateLimit,@rateLimitPerModel,@rateLimitPerModelAndUser: operation-level throttling controls.
Treat 429 responses as retriable with backoff and jitter.