> ## Documentation Index > Fetch the complete documentation index at: https://openworklabs.com/docs/llms.txt > Use this file to discover all available pages before exploring further. # Grant plugin access > Creates or reactivates one access grant for a plugin. ## OpenAPI ````yaml /openapi.json post /v1/plugins/{pluginId}/access openapi: 3.1.0 info: title: Den API description: >- OpenAPI spec for the Den control plane API. Authentication: - Use `Authorization: Bearer ` for user-authenticated routes that require a Den session. - Use `x-api-key: ` for API-key-authenticated routes that accept organization API keys. - Public routes like health and documentation do not require authentication. Swagger tip: use the security schemes in the Authorize dialog to set either `bearerAuth` or `denApiKey` before trying protected endpoints. version: dev servers: - url: https://api.openworklabs.com security: [] tags: - name: System description: Service health and operational routes. - name: Organizations description: Top-level organization creation and context routes. - name: Invitations description: Invitation preview, acceptance, creation, and cancellation routes. - name: API Keys description: Organization API key management routes. - name: Members description: Organization member management routes. - name: Roles description: Organization custom role management routes. - name: Teams description: Organization team management routes. - name: Templates description: Organization shared template routes. - name: LLM Providers description: Organization LLM provider catalog, configuration, and access routes. - name: Skills description: Organization skill authoring and sharing routes. - name: Skill Hubs description: Organization skill hub management and access routes. - name: Workers description: Worker lifecycle, billing, and runtime routes. - name: Worker Runtime description: Worker runtime inspection and upgrade routes. - name: Worker Activity description: Worker heartbeat and activity reporting routes. - name: Admin description: Administrative reporting routes. - name: Users description: Current user and membership routes. paths: /v1/plugins/{pluginId}/access: post: tags: - Plugins summary: Grant plugin access description: Creates or reactivates one access grant for a plugin. operationId: postV1PluginsByPluginIdAccess parameters: - in: path name: pluginId schema: format: typeid type: string minLength: 30 maxLength: 30 pattern: ^plg_.* required: true description: Den TypeID with 'plg_' prefix and a 26-character base32 suffix. requestBody: required: true content: application/json: schema: type: object properties: orgMembershipId: description: >- Den TypeID with 'om_' prefix and a 26-character base32 suffix. format: typeid type: string minLength: 29 maxLength: 29 pattern: ^om_.* teamId: description: >- Den TypeID with 'tem_' prefix and a 26-character base32 suffix. format: typeid type: string minLength: 30 maxLength: 30 pattern: ^tem_.* orgWide: default: false type: boolean role: type: string enum: - viewer - editor - manager required: - role responses: '201': description: Plugin access grant created successfully. content: application/json: schema: $ref: '#/components/schemas/PluginArchAccessGrantMutationResponse' '400': description: The plugin access request was invalid. content: application/json: schema: $ref: '#/components/schemas/InvalidRequestError' '401': description: The caller must be signed in to manage plugin access. content: application/json: schema: $ref: '#/components/schemas/UnauthorizedError' '403': description: The caller lacks permission to manage plugin access. content: application/json: schema: $ref: '#/components/schemas/ForbiddenError' '404': description: The plugin could not be found. content: application/json: schema: $ref: '#/components/schemas/NotFoundError' components: schemas: PluginArchAccessGrantMutationResponse: type: object properties: ok: type: boolean const: true item: $ref: '#/components/schemas/PluginArchAccessGrant' required: - ok - item InvalidRequestError: type: object properties: error: type: string const: invalid_request details: type: array items: type: object properties: message: type: string path: type: array items: anyOf: - type: string - type: number required: - message additionalProperties: {} required: - error - details UnauthorizedError: type: object properties: error: type: string const: unauthorized required: - error ForbiddenError: type: object properties: error: type: string const: forbidden message: type: string required: - error NotFoundError: type: object properties: error: type: string message: type: string required: - error PluginArchAccessGrant: type: object properties: id: anyOf: - description: Den TypeID with 'coa_' prefix and a 26-character base32 suffix. format: typeid type: string minLength: 30 maxLength: 30 pattern: ^coa_.* - description: Den TypeID with 'pag_' prefix and a 26-character base32 suffix. format: typeid type: string minLength: 30 maxLength: 30 pattern: ^pag_.* - description: Den TypeID with 'mag_' prefix and a 26-character base32 suffix. format: typeid type: string minLength: 30 maxLength: 30 pattern: ^mag_.* - description: Den TypeID with 'cia_' prefix and a 26-character base32 suffix. format: typeid type: string minLength: 30 maxLength: 30 pattern: ^cia_.* orgMembershipId: anyOf: - description: Den TypeID with 'om_' prefix and a 26-character base32 suffix. format: typeid type: string minLength: 29 maxLength: 29 pattern: ^om_.* - type: 'null' teamId: anyOf: - description: Den TypeID with 'tem_' prefix and a 26-character base32 suffix. format: typeid type: string minLength: 30 maxLength: 30 pattern: ^tem_.* - type: 'null' orgWide: type: boolean role: type: string enum: - viewer - editor - manager createdByOrgMembershipId: description: Den TypeID with 'om_' prefix and a 26-character base32 suffix. format: typeid type: string minLength: 29 maxLength: 29 pattern: ^om_.* createdAt: type: string format: date-time pattern: >- ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[48]|[02468][048]00|[13579][26]00)-02-29|\d{4}-(?:(?:0[13578]|1[02])-(?:0[1-9]|[12]\d|3[01])|(?:0[469]|11)-(?:0[1-9]|[12]\d|30)|(?:02)-(?:0[1-9]|1\d|2[0-8])))T(?:(?:[01]\d|2[0-3]):[0-5]\d(?::[0-5]\d(?:\.\d+)?)?(?:Z|([+-](?:[01]\d|2[0-3]):[0-5]\d)))$ removedAt: anyOf: - type: string format: date-time pattern: >- ^(?:(?:\d\d[2468][048]|\d\d[13579][26]|\d\d0[48]|[02468][048]00|[13579][26]00)-02-29|\d{4}-(?:(?:0[13578]|1[02])-(?:0[1-9]|[12]\d|3[01])|(?:0[469]|11)-(?:0[1-9]|[12]\d|30)|(?:02)-(?:0[1-9]|1\d|2[0-8])))T(?:(?:[01]\d|2[0-3]):[0-5]\d(?::[0-5]\d(?:\.\d+)?)?(?:Z|([+-](?:[01]\d|2[0-3]):[0-5]\d)))$ - type: 'null' required: - id - orgMembershipId - teamId - orgWide - role - createdByOrgMembershipId - createdAt - removedAt ````