1--- 2layout: "api" 3page_title: "/sys/capabilities-self - HTTP API" 4sidebar_title: "<code>/sys/capabilities-self</code>" 5sidebar_current: "api-http-system-capabilities-self" 6description: |- 7 The `/sys/capabilities-self` endpoint is used to fetch the capabilities of 8 client token on the given paths. 9--- 10 11# `/sys/capabilities-self` 12 13The `/sys/capabilities-self` endpoint is used to fetch the capabilities of the 14token used to make the API call, on the given paths. The capabilities returned 15will be derived from the policies that are on the token, and from the policies 16to which the token is entitled to through the entity and entity's group 17memberships. 18 19## Query Self Capabilities 20 21This endpoint returns the capabilities of client token on the given paths. The 22client token is the Vault token with which this API call is made. Multiple 23paths are taken in at once and the capabilities of the token for each path is 24returned. For backwards compatibility, if a single path is supplied, a 25`capabilities` field will also be returned. 26 27| Method | Path | 28| :----------------------- | :--------------------- | 29| `POST` | `/sys/capabilities-self` | 30 31 32### Parameters 33 34- `paths` `(list: <required>)` – Paths on which capabilities are being queried. 35 36### Sample Payload 37 38```json 39{ 40 "paths": ["secret/foo"] 41} 42``` 43 44### Sample Request 45 46``` 47$ curl \ 48 --header "X-Vault-Token: ..." \ 49 --request POST \ 50 --data @payload.json \ 51 http://127.0.0.1:8200/v1/sys/capabilities-self 52``` 53 54### Sample Response 55 56```json 57{ 58 "capabilities": [ 59 "delete", 60 "list", 61 "read", 62 "update" 63 ], 64 "secret/foo": [ 65 "delete", 66 "list", 67 "read", 68 "update" 69 ] 70} 71