The Proxy Permissions API configures authentication groups and access control for proxy endpoints at both the container and project scope. Each proxy permissions document defines authentication groups (jwt, password, ip, token), per-group program access rules, a default fallback policy, and the proxy enable state. Container-level documents may also define per-service proxy hooks.
All write operations (PATCH, DELETE) require the optimistic-concurrency If-Match: file:v header. Read the current file_version from GET first; the server returns 428 when the header is absent and 412 when it is stale.
Retrieve the full proxy access control configuration for a container, including authentication groups, per-group program permissions, default policy, proxy enable state, and hooks.
const { data } = await client . api . proxyPermissionsContainer . get ( {
id: " 507f1f77bcf86cd799439012 "
curl https://api.hoody.com/api/v1/containers/507f1f77bcf86cd799439012/proxy/permissions \
-H " Authorization: Bearer <token> "
"message" : " Container proxy permissions retrieved successfully " ,
"project" : " 507f1f77bcf86cd799439011 " ,
"container" : " 507f1f77bcf86cd799439012 " ,
"message" : " Container not found "
Name In Type Required Description idpath string Yes Container ID
Replace the entire container proxy permissions document. Use this for bulk rewrites; for targeted edits use the dedicated /default, /state, /groups/..., and /permissions/... endpoints below.
await client . api . proxyPermissionsContainer . replace ({
id: " 507f1f77bcf86cd799439012 " ,
project: " 507f1f77bcf86cd799439011 " ,
container: " 507f1f77bcf86cd799439012 " ,
admin: { type: " jwt " , algorithm: " HS256 " , secret: " <jwt-secret> " , sources: [ " header:Authorization " ] }
admin: { terminal: " * " , files: true }
curl -X PATCH https://api.hoody.com/api/v1/containers/507f1f77bcf86cd799439012/proxy/permissions \
-H " Authorization: Bearer <token> " \
-H " Content-Type: application/json " \
"project": "507f1f77bcf86cd799439011",
"container": "507f1f77bcf86cd799439012",
"groups": { "admin": { "type": "jwt", "algorithm": "HS256", "secret": "<jwt-secret>", "sources": ["header:Authorization"] } },
"permissions": { "admin": { "terminal": "*", "files": true } },
"message" : " Container proxy permissions updated successfully " ,
"project" : " 507f1f77bcf86cd799439011 " ,
"container" : " 507f1f77bcf86cd799439012 " ,
"message" : " Invalid proxy permissions configuration "
Name In Type Required Description idpath string Yes Container ID if-matchheader string No If-Match: file:v ETag precondition — read current file_version from GET first
Name Type Required Description projectstring Yes Project ID owning this container (24-character hex) containerstring Yes Container ID (must match path :id, 24-character hex) groupsobject Yes Authentication groups. Key is group name; value is group config (jwt, password, ip, token) permissionsobject Yes Per-group program permissions. Map of program → access rule (boolean, port number, port list, port range, or "*") defaultstring No Default access policy. One of allow, deny. Defaults to deny enable_proxyboolean No Enable or disable the proxy. Defaults to true hooksobject No Per-service proxy hooks. Keys are service names; values are arrays of { match, script, timeout? } rules. Max 8 per service, 32 per file total. Reject-listed services: logs, proxy, workspaces
Delete the container proxy permissions document and revert the container to open access.
await client . api . proxyPermissionsContainer . delete ({
id: " 507f1f77bcf86cd799439012 " ,
curl -X DELETE https://api.hoody.com/api/v1/containers/507f1f77bcf86cd799439012/proxy/permissions \
-H " Authorization: Bearer <token> " \
"message" : " Container proxy permissions deleted successfully " ,
"project" : " 507f1f77bcf86cd799439011 " ,
"container" : " 507f1f77bcf86cd799439012 " ,
"message" : " Container not found "
Name In Type Required Description idpath string Yes Container ID if-matchheader string No If-Match: file:v ETag precondition — read current file_version from GET first
Update only the default access policy that applies when no authentication group matches.
await client . api . proxyPermissionsContainer . updateDefault ({
id: " 507f1f77bcf86cd799439012 " ,
data: { default: " allow " }
curl -X PATCH https://api.hoody.com/api/v1/containers/507f1f77bcf86cd799439012/proxy/permissions/default \
-H " Authorization: Bearer <token> " \
-H " Content-Type: application/json " \
-d ' { "default": "allow" } '
"message" : " Default policy updated successfully " ,
"project" : " 507f1f77bcf86cd799439011 " ,
"container" : " 507f1f77bcf86cd799439012 " ,
Name In Type Required Description idpath string Yes Container ID if-matchheader string No If-Match: file:v ETag precondition — read current file_version from GET first
Name Type Required Description defaultstring Yes Default access policy for unmatched requests. One of allow, deny
Enable or disable the proxy entirely for the container. When disabled, the proxy layer is bypassed and access control is removed.
await client . api . proxyPermissionsContainer . updateState ({
id: " 507f1f77bcf86cd799439012 " ,
data: { enable_proxy: true }
curl -X PATCH https://api.hoody.com/api/v1/containers/507f1f77bcf86cd799439012/proxy/permissions/state \
-H " Authorization: Bearer <token> " \
-H " Content-Type: application/json " \
-d ' { "enable_proxy": true } '
"message" : " Proxy state updated successfully " ,
"project" : " 507f1f77bcf86cd799439011 " ,
"container" : " 507f1f77bcf86cd799439012 " ,
Name In Type Required Description idpath string Yes Container ID if-matchheader string No If-Match: file:v ETag precondition — read current file_version from GET first
Name Type Required Description enable_proxyboolean Yes Enable or disable the proxy entirely
Authentication groups define WHO is allowed to reach the proxy. Each group has a type (jwt, password, ip, token) and the credentials needed to verify it.
Configure an IP-based authentication group using an IPv4 CIDR range.
await client . api . proxyPermissionsContainer . setIpGroup ({
id: " 507f1f77bcf86cd799439012 " ,
data: { range: " 192.168.1.0/24 " }
curl -X PATCH https://api.hoody.com/api/v1/containers/507f1f77bcf86cd799439012/proxy/permissions/groups/office/ip \
-H " Authorization: Bearer <token> " \
-H " Content-Type: application/json " \
-d ' { "range": "192.168.1.0/24" } '
"message" : " IP authentication group configured successfully " ,
"project" : " 507f1f77bcf86cd799439011 " ,
"container" : " 507f1f77bcf86cd799439012 " ,
"message" : " Invalid IP CIDR range "
Name In Type Required Description idpath string Yes Container ID groupNamepath string Yes Authentication group name if-matchheader string No If-Match: file:v ETag precondition — read current file_version from GET first
Name Type Required Description rangestring Yes IPv4 CIDR range (e.g. 192.168.1.0/24, 10.0.0.0/8, 203.0.113.5/32)
Configure a JWT-based authentication group with a signing algorithm, secret/public key, and token sources.
await client . api . proxyPermissionsContainer . setJwtGroup ({
id: " 507f1f77bcf86cd799439012 " ,
sources: [ " header:Authorization " , " cookie:jwt_token " ],
claims: { role: " admin " , level: 5 }
curl -X PATCH https://api.hoody.com/api/v1/containers/507f1f77bcf86cd799439012/proxy/permissions/groups/admin/jwt \
-H " Authorization: Bearer <token> " \
-H " Content-Type: application/json " \
"secret": "<jwt-secret>",
"sources": ["header:Authorization"],
"claims": { "role": "admin" }
"message" : " JWT authentication group configured successfully " ,
"project" : " 507f1f77bcf86cd799439011 " ,
"container" : " 507f1f77bcf86cd799439012 " ,
"message" : " Invalid JWT configuration "
Name In Type Required Description idpath string Yes Container ID groupNamepath string Yes Authentication group name if-matchheader string No If-Match: file:v ETag precondition — read current file_version from GET first
Name Type Required Description secretstring Yes JWT secret. For HS256: any string. For RS256/ES256: PEM-encoded public key algorithmstring Yes Signature algorithm. One of HS256, RS256, ES256 sourcesarray Yes Where to look for JWT tokens. Each entry uses the format header:Name or cookie:Name claimsobject No Required JWT claims to validate exactly. Values must be string, number, or boolean
Configure a username/password authentication group using SHA256 hashing.
await client . api . proxyPermissionsContainer . setPasswordGroup ({
id: " 507f1f77bcf86cd799439012 " ,
password: " correct-horse-battery-staple " ,
curl -X PATCH https://api.hoody.com/api/v1/containers/507f1f77bcf86cd799439012/proxy/permissions/groups/users/password \
-H " Authorization: Bearer <token> " \
-H " Content-Type: application/json " \
"password": "correct-horse-battery-staple",
"message" : " Password authentication group configured successfully " ,
"project" : " 507f1f77bcf86cd799439011 " ,
"container" : " 507f1f77bcf86cd799439012 " ,
"message" : " Invalid password configuration "
Name In Type Required Description idpath string Yes Container ID groupNamepath string Yes Authentication group name if-matchheader string No If-Match: file:v ETag precondition — read current file_version from GET first
Name Type Required Description usernamestring Yes Username to match exactly passwordstring Yes Password plaintext or pre-hashed SHA256(salt + password) lowercase hex algorithmstring No Hashing algorithm. Only sha256 is supported saltstring Yes Salt used for password hashing (unique per group recommended)
Configure a static-token authentication group. Exactly one of header, cookie, or param must be supplied together with value.
await client . api . proxyPermissionsContainer . setTokenGroup ({
id: " 507f1f77bcf86cd799439012 " ,
groupName: " external-api " ,
data: { header: " X-API-Key " , value: " <static-token> " }
curl -X PATCH https://api.hoody.com/api/v1/containers/507f1f77bcf86cd799439012/proxy/permissions/groups/external-api/token \
-H " Authorization: Bearer <token> " \
-H " Content-Type: application/json " \
-d ' { "cookie": "session", "value": "<static-token>" } '
"message" : " Token authentication group configured successfully " ,
"project" : " 507f1f77bcf86cd799439011 " ,
"container" : " 507f1f77bcf86cd799439012 " ,
"message" : " Invalid token configuration "
Name In Type Required Description idpath string Yes Container ID groupNamepath string Yes Authentication group name if-matchheader string No If-Match: file:v ETag precondition — read current file_version from GET first
The body must contain exactly one location (header, cookie, or param) together with value.
Variant Required Fields Description Header token header, valueMatch a header name (case-insensitive) against a literal token value Cookie token cookie, valueMatch a cookie name (case-sensitive) against a literal token value Query token param, valueMatch a query parameter name (case-sensitive) against a literal token value
Remove a single authentication group from the container document.
await client . api . proxyPermissionsContainer . removeAuthGroup ({
id: " 507f1f77bcf86cd799439012 " ,
curl -X DELETE https://api.hoody.com/api/v1/containers/507f1f77bcf86cd799439012/proxy/permissions/groups/office \
-H " Authorization: Bearer <token> " \
"message" : " Authentication group removed successfully " ,
"project" : " 507f1f77bcf86cd799439011 " ,
"container" : " 507f1f77bcf86cd799439012 " ,
"message" : " Container or group not found "
Name In Type Required Description idpath string Yes Container ID groupNamepath string Yes Group name to remove if-matchheader string No If-Match: file:v ETag precondition — read current file_version from GET first
Program permissions define WHAT each authenticated group is permitted to access: a boolean (allow/deny all), a single port/index number, a list of ports, a port range, or "*".
Note
For programs files, services, notifications, and exec, only a boolean is allowed. For network programs like terminal, ssh, ui, http, use boolean, port number, port list, port range, or "*".
Set a single program access rule for a group. The body specifies which program and which access rule to apply.
await client . api . proxyPermissionsContainer . setGroup ({
id: " 507f1f77bcf86cd799439012 " ,
data: { program: " http " , access: [ 80 , 443 ] }
curl -X PATCH https://api.hoody.com/api/v1/containers/507f1f77bcf86cd799439012/proxy/permissions/permissions/admin \
-H " Authorization: Bearer <token> " \
-H " Content-Type: application/json " \
-d ' { "program": "http", "access": [80, 443] } '
"message" : " Group program permission set successfully " ,
"project" : " 507f1f77bcf86cd799439011 " ,
"container" : " 507f1f77bcf86cd799439012 " ,
"message" : " Invalid permission value "
Name In Type Required Description idpath string Yes Container ID groupNamepath string Yes Group name if-matchheader string No If-Match: file:v ETag precondition — read current file_version from GET first
Name Type Required Description programstring Yes Program name (e.g. http, terminal, ssh, files, exec, services, notifications) accessboolean | number | array | string Yes Access rule. Boolean for allow/deny all; number for a single port/index; array of numbers for specific ports; "low-high" string for a port range; "*" for wildcard allow-all
Remove ALL program permissions for a group on this container in one call.
await client . api . proxyPermissionsContainer . removeGroup ({
id: " 507f1f77bcf86cd799439012 " ,
curl -X DELETE https://api.hoody.com/api/v1/containers/507f1f77bcf86cd799439012/proxy/permissions/permissions/admin \
-H " Authorization: Bearer <token> " \
"message" : " All group permissions removed successfully " ,
"project" : " 507f1f77bcf86cd799439011 " ,
"container" : " 507f1f77bcf86cd799439012 " ,
Name In Type Required Description idpath string Yes Container ID groupNamepath string Yes Group name if-matchheader string No If-Match: file:v ETag precondition — read current file_version from GET first
Remove a single program’s access rule for a group, leaving all other programs untouched.
await client . api . proxyPermissionsContainer . removeProgram ({
id: " 507f1f77bcf86cd799439012 " ,
curl -X DELETE https://api.hoody.com/api/v1/containers/507f1f77bcf86cd799439012/proxy/permissions/permissions/admin/ssh \
-H " Authorization: Bearer <token> " \
"message" : " Program permission removed successfully " ,
"project" : " 507f1f77bcf86cd799439011 " ,
"container" : " 507f1f77bcf86cd799439012 " ,
Name In Type Required Description idpath string Yes Container ID groupNamepath string Yes Group name programpath string Yes Program name (e.g. http, ssh, files) if-matchheader string No If-Match: file:v ETag precondition — read current file_version from GET first
Project-scoped proxy permissions apply as defaults to every container in the project. Container-level documents override project-level rules when both are present.
Retrieve the full proxy access control configuration for a project.
const { data } = await client . api . proxyPermissionsProject . get ( {
id: " 507f1f77bcf86cd799439011 "
curl https://api.hoody.com/api/v1/projects/507f1f77bcf86cd799439011/proxy/permissions \
-H " Authorization: Bearer <token> "
"message" : " Project proxy permissions retrieved successfully " ,
"project" : " 507f1f77bcf86cd799439011 " ,
"message" : " Project not found "
Error Code Title Description Resolution PROJECT_NOT_FOUNDProject not found The specified project ID does not exist or you do not have access to it Verify the project ID is correct and that you have permission to access this project
Name In Type Required Description idpath string Yes Project ID
Replace the entire project proxy permissions document. Use this for bulk rewrites; for targeted edits use the dedicated /default, /state, /groups/..., and /permissions/... endpoints below.
await client . api . proxyPermissionsProject . replace ({
id: " 507f1f77bcf86cd799439011 " ,
project: " 507f1f77bcf86cd799439011 " ,
admin: { type: " jwt " , algorithm: " HS256 " , secret: " <jwt-secret> " , sources: [ " header:Authorization " ] }
admin: { terminal: true , files: true }
curl -X PATCH https://api.hoody.com/api/v1/projects/507f1f77bcf86cd799439011/proxy/permissions \
-H " Authorization: Bearer <token> " \
-H " Content-Type: application/json " \
"project": "507f1f77bcf86cd799439011",
"groups": { "admin": { "type": "jwt", "algorithm": "HS256", "secret": "<jwt-secret>", "sources": ["header:Authorization"] } },
"permissions": { "admin": { "terminal": true, "files": true } },
"message" : " Project proxy permissions updated successfully " ,
"project" : " 507f1f77bcf86cd799439011 " ,
"message" : " Invalid permissions configuration "
Error Code Title Description Resolution VALIDATION_ERRORInvalid input parameters The proxy permissions configuration contains invalid data or missing required fields Check that all required fields are present and properly formatted according to the schema INVALID_JWT_CONFIGInvalid JWT configuration JWT authentication group has invalid secret, algorithm, or sources configuration Ensure JWT secret is valid for the algorithm, sources are properly formatted, and claims are scalar values INVALID_IP_RANGEInvalid IP CIDR range IP authentication group has an invalid IPv4 CIDR notation Use valid IPv4 CIDR format like 192.168.1.0/24 or 10.0.0.1/32
"message" : " Project not found "
Error Code Title Description Resolution PROJECT_NOT_FOUNDProject not found The specified project ID does not exist or you do not have access to it Verify the project ID is correct and that you have permission to access this project
Name In Type Required Description idpath string Yes Project ID if-matchheader string No If-Match: file:v ETag precondition — read current file_version from GET first
Name Type Required Description projectstring Yes Project ID (must match path :id, 24-character hex) groupsobject Yes Authentication groups. Key is group name; value is group config (jwt, password, ip, token) permissionsobject Yes Per-group program permissions. Map of program → access rule (boolean, port number, port list, port range, or "*") defaultstring No Default access policy. One of allow, deny. Defaults to deny enable_proxyboolean No Enable or disable the proxy. Defaults to true
Remove all proxy access control configuration from the project and revert to open access with the allow default policy.
await client . api . proxyPermissionsProject . delete ({
id: " 507f1f77bcf86cd799439011 " ,
curl -X DELETE https://api.hoody.com/api/v1/projects/507f1f77bcf86cd799439011/proxy/permissions \
-H " Authorization: Bearer <token> " \
"message" : " Project proxy permissions deleted successfully " ,
"project" : " 507f1f77bcf86cd799439011 " ,
"message" : " Project not found "
Error Code Title Description Resolution PROJECT_NOT_FOUNDProject not found The specified project ID does not exist or you do not have access to it Verify the project ID is correct and that you have permission to access this project
Name In Type Required Description idpath string Yes Project ID if-matchheader string No If-Match: file:v ETag precondition — read current file_version from GET first
Update only the default access policy that applies when no authentication group matches.
await client . api . proxyPermissionsProject . updateDefault ({
id: " 507f1f77bcf86cd799439011 " ,
data: { default: " deny " }
curl -X PATCH https://api.hoody.com/api/v1/projects/507f1f77bcf86cd799439011/proxy/permissions/default \
-H " Authorization: Bearer <token> " \
-H " Content-Type: application/json " \
-d ' { "default": "deny" } '
"message" : " Default policy updated successfully " ,
"project" : " 507f1f77bcf86cd799439011 " ,
"message" : " Invalid default policy value "
Error Code Title Description Resolution VALIDATION_ERRORInvalid default policy The default policy must be either allow or deny Provide a valid default value: allow or deny
"message" : " Project not found "
Error Code Title Description Resolution PROJECT_NOT_FOUNDProject not found The specified project ID does not exist or you do not have access to it Verify the project ID is correct and that you have permission to access this project
Name In Type Required Description idpath string Yes Project ID if-matchheader string No If-Match: file:v ETag precondition — read current file_version from GET first
Name Type Required Description defaultstring Yes Default access policy for unmatched requests. One of allow, deny
Enable or disable the proxy entirely for the project. When disabled, the proxy layer is bypassed and all access control is removed.
await client . api . proxyPermissionsProject . updateState ({
id: " 507f1f77bcf86cd799439011 " ,
data: { enable_proxy: false }
curl -X PATCH https://api.hoody.com/api/v1/projects/507f1f77bcf86cd799439011/proxy/permissions/state \
-H " Authorization: Bearer <token> " \
-H " Content-Type: application/json " \
-d ' { "enable_proxy": false } '
"message" : " Proxy state updated successfully " ,
"project" : " 507f1f77bcf86cd799439011 " ,
"message" : " Invalid enable_proxy value "
Error Code Title Description Resolution VALIDATION_ERRORInvalid enable_proxy value The enable_proxy field must be a boolean (true or false) Provide a valid boolean value: true to enable proxy, false to disable
"message" : " Project not found "
Error Code Title Description Resolution PROJECT_NOT_FOUNDProject not found The specified project ID does not exist or you do not have access to it Verify the project ID is correct and that you have permission to access this project
Name In Type Required Description idpath string Yes Project ID if-matchheader string No If-Match: file:v ETag precondition — read current file_version from GET first
Name Type Required Description enable_proxyboolean Yes Enable or disable the proxy entirely
Configure an IP-based authentication group for the project using an IPv4 CIDR range.
await client . api . proxyPermissionsProject . setIpGroup ({
id: " 507f1f77bcf86cd799439011 " ,
data: { range: " 192.168.1.0/24 " }
curl -X PATCH https://api.hoody.com/api/v1/projects/507f1f77bcf86cd799439011/proxy/permissions/groups/office/ip \
-H " Authorization: Bearer <token> " \
-H " Content-Type: application/json " \
-d ' { "range": "192.168.1.0/24" } '
"message" : " IP authentication group configured successfully " ,
"project" : " 507f1f77bcf86cd799439011 " ,
"message" : " Invalid IP CIDR range "
Name In Type Required Description idpath string Yes Project ID groupNamepath string Yes Authentication group name if-matchheader string No If-Match: file:v ETag precondition — read current file_version from GET first
Name Type Required Description rangestring Yes IPv4 CIDR range (e.g. 192.168.1.0/24, 10.0.0.0/8, 203.0.113.5/32)
Configure a JWT-based authentication group for the project with a signing algorithm, secret/public key, and token sources.
await client . api . proxyPermissionsProject . setJwtGroup ({
id: " 507f1f77bcf86cd799439011 " ,
sources: [ " header:Authorization " ],
claims: { role: " admin " }
curl -X PATCH https://api.hoody.com/api/v1/projects/507f1f77bcf86cd799439011/proxy/permissions/groups/admin/jwt \
-H " Authorization: Bearer <token> " \
-H " Content-Type: application/json " \
"secret": "<jwt-secret>",
"sources": ["header:Authorization"],
"claims": { "role": "admin" }
"message" : " JWT authentication group configured successfully " ,
"project" : " 507f1f77bcf86cd799439011 " ,
"message" : " Invalid JWT configuration "
Name In Type Required Description idpath string Yes Project ID groupNamepath string Yes Authentication group name if-matchheader string No If-Match: file:v ETag precondition — read current file_version from GET first
Name Type Required Description secretstring Yes JWT secret. For HS256: any string. For RS256/ES256: PEM-encoded public key algorithmstring Yes Signature algorithm. One of HS256, RS256, ES256 sourcesarray Yes Where to look for JWT tokens. Each entry uses the format header:Name or cookie:Name claimsobject No Required JWT claims to validate exactly. Values must be string, number, or boolean
Configure a username/password authentication group for the project using SHA256 hashing.
await client . api . proxyPermissionsProject . setPasswordGroup ({
id: " 507f1f77bcf86cd799439011 " ,
password: " correct-horse-battery-staple " ,
curl -X PATCH https://api.hoody.com/api/v1/projects/507f1f77bcf86cd799439011/proxy/permissions/groups/users/password \
-H " Authorization: Bearer <token> " \
-H " Content-Type: application/json " \
"password": "correct-horse-battery-staple",
"message" : " Password authentication group configured successfully " ,
"project" : " 507f1f77bcf86cd799439011 " ,
"message" : " Invalid password configuration "
Name In Type Required Description idpath string Yes Project ID groupNamepath string Yes Authentication group name if-matchheader string No If-Match: file:v ETag precondition — read current file_version from GET first
Name Type Required Description usernamestring Yes Username to match exactly passwordstring Yes Password plaintext or pre-hashed SHA256(salt + password) lowercase hex algorithmstring No Hashing algorithm. Only sha256 is supported saltstring Yes Salt used for password hashing (unique per group recommended)
Configure a static-token authentication group for the project. Exactly one of header, cookie, or param must be supplied together with value.
await client . api . proxyPermissionsProject . setTokenGroup ({
id: " 507f1f77bcf86cd799439011 " ,
groupName: " api-clients " ,
data: { header: " X-API-Key " , value: " <static-token> " }
curl -X PATCH https://api.hoody.com/api/v1/projects/507f1f77bcf86cd799439011/proxy/permissions/groups/api-clients/token \
-H " Authorization: Bearer <token> " \
-H " Content-Type: application/json " \
-d ' { "header": "X-API-Key", "value": "<static-token>" } '
"message" : " Token authentication group configured successfully " ,
"project" : " 507f1f77bcf86cd799439011 " ,
"message" : " Invalid token configuration "
Name In Type Required Description idpath string Yes Project ID groupNamepath string Yes Authentication group name if-matchheader string No If-Match: file:v ETag precondition — read current file_version from GET first
The body must contain exactly one location (header, cookie, or param) together with value.
Variant Required Fields Description Header token header, valueMatch a header name (case-insensitive) against a literal token value Cookie token cookie, valueMatch a cookie name (case-sensitive) against a literal token value Query token param, valueMatch a query parameter name (case-sensitive) against a literal token value
Remove a single authentication group from the project document.
await client . api . proxyPermissionsProject . removeAuthGroup ({
id: " 507f1f77bcf86cd799439011 " ,
curl -X DELETE https://api.hoody.com/api/v1/projects/507f1f77bcf86cd799439011/proxy/permissions/groups/office \
-H " Authorization: Bearer <token> " \
"message" : " Authentication group removed successfully " ,
"project" : " 507f1f77bcf86cd799439011 " ,
"message" : " Project or group not found "
Name In Type Required Description idpath string Yes Project ID groupNamepath string Yes Group name to remove if-matchheader string No If-Match: file:v ETag precondition — read current file_version from GET first
Set a single program access rule for a project group.
await client . api . proxyPermissionsProject . setGroup ({
id: " 507f1f77bcf86cd799439011 " ,
data: { program: " http " , access: true }
curl -X PATCH https://api.hoody.com/api/v1/projects/507f1f77bcf86cd799439011/proxy/permissions/permissions/admin \
-H " Authorization: Bearer <token> " \
-H " Content-Type: application/json " \
-d ' { "program": "http", "access": true } '
"message" : " Group program permission set successfully " ,
"project" : " 507f1f77bcf86cd799439011 " ,
"message" : " Invalid permission value "
Name In Type Required Description idpath string Yes Project ID groupNamepath string Yes Group name if-matchheader string No If-Match: file:v ETag precondition — read current file_version from GET first
Name Type Required Description programstring Yes Program name (e.g. http, terminal, ssh, files, exec, services, notifications) accessboolean | number | array | string Yes Access rule. Boolean for allow/deny all; number for a single port/index; array of numbers for specific ports; "low-high" string for a port range; "*" for wildcard allow-all
Remove ALL program permissions for a group on this project in one call.
await client . api . proxyPermissionsProject . removeGroup ({
id: " 507f1f77bcf86cd799439011 " ,
curl -X DELETE https://api.hoody.com/api/v1/projects/507f1f77bcf86cd799439011/proxy/permissions/permissions/admin \
-H " Authorization: Bearer <token> " \
"message" : " All group permissions removed successfully " ,
"project" : " 507f1f77bcf86cd799439011 " ,
Name In Type Required Description idpath string Yes Project ID groupNamepath string Yes Group name if-matchheader string No If-Match: file:v ETag precondition — read current file_version from GET first
Remove a single program’s access rule for a project group, leaving all other programs untouched.
await client . api . proxyPermissionsProject . removeProgram ({
id: " 507f1f77bcf86cd799439011 " ,
curl -X DELETE https://api.hoody.com/api/v1/projects/507f1f77bcf86cd799439011/proxy/permissions/permissions/admin/http \
-H " Authorization: Bearer <token> " \
"message" : " Program permission removed successfully " ,
"project" : " 507f1f77bcf86cd799439011 " ,
Name In Type Required Description idpath string Yes Project ID groupNamepath string Yes Group name programpath string Yes Program name (e.g. http, ssh, files) if-matchheader string No If-Match: file:v ETag precondition — read current file_version from GET first