User Roles in inabit

Learn about inabit's role system and the permissions granted to each role.

inabit Roles Hierarchy

This page describes inabit's role system, ordered from "highest" to "lowest".


The owner approves signing devices and new users, and is granted all of the permissions in the entire system (account).

There is only one owner per inabit account.

Reminder: there can be multiple organizations in an inabit account, but there cannot be multiple inabit accounts under the same owner.


An admin has access to everything in the system except opening new organizations, viewing the account settings, and removing the owner.

An inabit account can have multiple admins per organization, and the admin can be a different user in each organization.


Signers are users similar to admins, but their sole purpose is to approve or reject transactions. A signer can't perform administrative operations such as adding users to or removing users from an organization.


Editors can access everything in the system except creating new wallets, approving/rejecting transactions, and editing organization settings and users.

They are still capable of creating transaction requests.


A viewer has only viewing permissions in an inabit organization. A viewer cannot initiate transactions or edit any settings other than their own (user photo, email, password, etc.).

API User Roles

In order to access our API capabilities and authenticate queries and mutations, you must create an API Admin/Viewer.

API Admin

The API admin role is internally generated by inabit when an organization desires to utilize inabit's API infrastructure. Upon receiving such a request, we establish an "API user" devoid of access credentials to the platform's UI. This user's sole function is to issue an access token for inabit's API.

By utilizing the access token provided through this user's credentials, you gain access to inabit's queries and mutations within our GraphQL schema. A significant distinction between this role and other API user roles is that this API user possesses equivalent permissions to a standard Admin within the system.

With this role, you can execute various actions such as creating transactions, adjusting organization settings, inviting new users to your organizations, establishing wallets, and much more - all through the API.

How to create an API Admin?

  • Use the token as a bearer across all of your queries and mutations.

Note: You can also create an API Viewer instead. It carries the same permissions as the Viewer role in the platform, so its token gives you only a viewer's API capabilities.

API Signer

The API signer is a unique user created by inabit, separate from the API admin/viewer.

This API user is created for the sole purpose of serving as the "API approver" that signs transactions using a tool developed by inabit called the "Docker Signer".

In a nutshell, this role's purpose is to serve as a "remote approval" application to simulate/replace the standard inabit mobile approvals app for services that develop and build their infrastructure with inabit.

  • You can learn all about this in our Remote Infrastructure section.

  • If you still find it hard to understand, feel free to contact us for tailored support:

API Viewer

The API viewer is another role generated (currently) by inabit internally when an organization wishes to operate and utilize inabit's API infrastructure.

The sole difference between an API admin and an API viewer is which API capabilities each is permitted to use.

  • The API viewer isn't capable of calling mutations such as createTransferRequest or createApiWalletAddress.
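Because an API Admin token carries full Admin permissions while an API Viewer token cannot call mutations, a client can keep the admin token out of read-only traffic by choosing the bearer token per operation. The sketch below is an added example, not inabit's own code: the token placeholders, the `wallets` field, and the arguments and selections in the sample documents are assumptions made for illustration.

```python
import re

# Assumption: placeholders for the tokens issued via the API Viewer / API Admin users.
TOKENS = {"viewer": "<API_VIEWER_TOKEN>", "admin": "<API_ADMIN_TOKEN>"}

# Strings and comments are blanked first so their contents are never read as syntax.
_SKIP = re.compile(r'"""[\s\S]*?"""|"(?:\\.|[^"\\\n])*"|#[^\n]*')
_LEX = re.compile(r"[{}()]|[A-Za-z_]\w*")


def operation_types(document: str) -> set:
    """Return the operation types defined at the top level of a GraphQL document."""
    found, depth, pending = set(), 0, None
    for tok in _LEX.findall(_SKIP.sub(" ", document)):
        if tok in "{(":
            if tok == "{" and depth == 0 and pending is None:
                found.add("query")      # shorthand form: "{ field }"
                pending = "query"
            depth += 1
        elif tok in "})":
            depth -= 1
            if tok == "}" and depth == 0:
                pending = None          # top-level definition closed
        elif depth == 0 and pending is None:
            pending = tok               # query / mutation / subscription / fragment
            if tok != "fragment":
                found.add(tok)
    return found


def token_role_for(document: str) -> str:
    """Pick the least-privileged API role able to run the document; fail closed."""
    ops = operation_types(document)
    if ops == {"query"}:
        return "viewer"                 # read-only: the API Viewer token is enough
    if ops == {"mutation"}:
        return "admin"                  # API Viewers cannot call mutations
    raise ValueError(f"refusing empty, mixed or unsupported document: {sorted(ops)}")


def auth_headers(document: str) -> dict:
    """Bearer header carrying only the token the operation needs."""
    return {"Authorization": f"Bearer {TOKENS[token_role_for(document)]}"}


# Constructed samples: only createTransferRequest is named on the page; the
# arguments, the "wallets" field and the selections are hypothetical.
READ = '# not a mutation {\n{ wallets(note: "mutation { x }") { id } }'
WRITE = "mutation M($in: Input!) { createTransferRequest(data: $in) { id } }"
```

Documents that mix queries and mutations are rejected rather than sent with the admin token, so a read path can never silently pick up write credentials.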
