Access control

Rate limiting

Every plan has defined rate limits with separate thresholds for read and write operations. Reads are cheaper, so they get higher limits. Writes are more expensive and more tightly controlled.

Limits are enforced per account. When you hit a limit, the response includes a Retry-After header so clients can back off gracefully.

API key scoping

API keys are issued with one of two scopes: read-only or read-write. Read-only keys can fetch documents and list projects but can't modify anything.

Keys default to read-only. You must explicitly grant write access when creating or updating a key.

Role-based permissions

pdrive uses five permission tiers:

  • Viewer can read documents and view versions
  • Editor can read, upload, and modify documents
  • Manager can manage members and project settings
  • Admin can manage account-level settings
  • Owner has full control including deletion and account ownership transfer

Roles are assigned per project and per account. A user can be an editor on one project and a viewer on another.

Project visibility

Projects support three visibility levels. Private restricts access to explicit members only. Members-only is visible to all account members but not the public. Public is readable by anyone, including unauthenticated users.

New projects default to private.

Two levels of access control

Permissions are enforced at both the account level and the project level. Account-level controls determine who can create projects, invite members, and manage billing. Project-level controls determine who can see and modify specific content.

Both layers must allow an action for it to succeed.
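
The checks on this page, combined into one deny-by-default decision, as an added example that is not pdrive's own code. The names (Request, is_allowed and the three layer functions) are hypothetical, and the model assumes that higher tiers include the permissions of lower ones and that "visible" means readable.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional

class Role(IntEnum):
    # Tier order from the page; treating higher tiers as supersets is an assumption.
    VIEWER = 1
    EDITOR = 2
    MANAGER = 3
    ADMIN = 4
    OWNER = 5

@dataclass(frozen=True)
class Request:                        # hypothetical request model
    action: str                       # "read" or "modify"
    key_scope: Optional[str]          # "read-only", "read-write", None = unauthenticated
    account_member: bool              # caller belongs to the owning account
    project_role: Optional[Role]      # None = not an explicit project member
    visibility: str = "private"       # new projects default to private

def key_allows(r: Request) -> bool:
    if r.action == "read":
        return True                   # any key, or no key, may attempt a read
    return r.key_scope == "read-write"  # writes need an explicitly granted scope

def account_allows(r: Request) -> bool:
    # Only public reads are open to callers outside the account.
    if r.action == "read" and r.visibility == "public":
        return True
    return r.key_scope is not None and r.account_member

def project_allows(r: Request) -> bool:
    if r.action == "read":
        if r.visibility == "public":
            return True
        if r.visibility == "members-only":
            return r.account_member
        return r.project_role is not None   # private, or unknown visibility
    if r.action == "modify":
        return r.project_role is not None and r.project_role >= Role.EDITOR
    return False                            # unknown action: deny

def is_allowed(r: Request) -> bool:
    # Every layer must say yes; a failure in any one denies the request.
    return key_allows(r) and account_allows(r) and project_allows(r)
```

An editor holding a read-only key is denied a modify here even though the role alone would permit it, which is the case worth testing first when auditing key grants.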