> ## Documentation Index
> Fetch the complete documentation index at: https://docs.limitless.exchange/llms.txt
> Use this file to discover all available pages before exploring further.

# Get Partner Capabilities

> Returns the partner capability configuration for the authenticated user, including whether token management is enabled and which scopes are allowed for self-service token derivation. Requires Privy authentication (Bearer token).

<Info>
  Requires **Privy authentication** (Bearer token). HMAC and API key auth are not accepted for this endpoint.
</Info>

This endpoint returns whether token management is enabled for your partner account and which scopes you can request when deriving tokens.

If no partner capability row exists for your profile, the endpoint returns `tokenManagementEnabled: true` with `allowedScopes: ["trading"]` — the public self-service default, so any logged-in user can derive a `trading`-scoped token. Partner-level scopes (`account_creation`, `delegated_signing`, `withdrawal`) only appear in `allowedScopes` after your account is approved. Contact [help@limitless.network](mailto:help@limitless.network) to get partner capabilities enabled.


## OpenAPI

````yaml GET /auth/api-tokens/capabilities
openapi: 3.0.0
info:
  title: Limitless Exchange API
  description: >-
    Production-ready REST API for prediction market trading, portfolio
    management, and market data on Limitless Exchange (Base L2).
  version: '1.0'
  contact:
    name: API Support
    url: https://limitless.exchange
    email: help@limitless.network
servers:
  - url: https://api.limitless.exchange
    description: Production API
security: []
tags:
  - name: Authentication
    description: User authentication and session management
  - name: Markets
    description: Browse, search, and analyze prediction markets
  - name: Market Navigation
    description: Navigation tree, market pages, and property filters
  - name: Trading
    description: Create, manage, and cancel orders
  - name: Portfolio
    description: Position tracking, trade history, and performance
  - name: API Tokens
    description: Scoped API token management for partner integrations
  - name: Partner Accounts
    description: Sub-account creation and allowance recovery for partner integrations
  - name: System
    description: Public API state and availability information
paths:
  /auth/api-tokens/capabilities:
    get:
      tags:
        - API Tokens
      summary: Get partner capabilities
      description: >-
        Returns the partner capability configuration for the authenticated user,
        including whether token management is enabled and which scopes are
        allowed for self-service token derivation. Requires Privy authentication
        (Bearer token).
      operationId: ApiTokenController_getCapabilities
      parameters: []
      responses:
        '200':
          description: Partner capability configuration
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/PartnerCapabilitiesResponse'
        '401':
          description: Requires Privy authentication
      security:
        - HmacAuth: []
components:
  schemas:
    PartnerCapabilitiesResponse:
      type: object
      properties:
        partnerProfileId:
          type: integer
          description: Partner profile ID
          example: 42
        tokenManagementEnabled:
          type: boolean
          description: Whether the partner can manage tokens via self-service endpoints
          example: true
        allowedScopes:
          type: array
          items:
            type: string
            enum:
              - trading
              - account_creation
              - delegated_signing
          description: Scopes the partner is allowed to request when deriving tokens
          example:
            - trading
            - account_creation
            - delegated_signing
      required:
        - partnerProfileId
        - tokenManagementEnabled
        - allowedScopes
  securitySchemes:
    HmacAuth:
      type: apiKey
      in: header
      name: lmts-api-key
      description: >-
        Scoped API token with HMAC-SHA256 signing. Requires three headers:
        lmts-api-key (token ID), lmts-timestamp (ISO-8601), lmts-signature
        (Base64-encoded HMAC). See Authentication docs for details.

````