Permissions API
TL;DR
The Permissions API (navigator.permissions.query()) lets you check the current state of browser permissions — granted, denied, or prompt — before requesting sensitive APIs.
Explanation
navigator.permissions.query({ name: 'geolocation' | 'camera' | 'clipboard-read' | 'notifications' | ... }) returns a PermissionStatus with state: 'granted', 'denied', or 'prompt'. Subscribe to changes with status.onchange. Use cases: show appropriate UI (enable location button vs 'go to settings' message), avoid triggering permission prompts at bad times. Supported permissions vary by browser. Not all APIs have a corresponding permission entry — check MDN for coverage. Chrome, Firefox, and Safari have different support levels.
Common Misconception
✗ Checking permissions with the Permissions API is the same as requesting them — query() checks without requesting. The actual request happens when you call the API (e.g., geolocation.getCurrentPosition).
Why It Matters
Querying permissions before prompting allows showing context-aware UI — not prompting when denied (show 'enable in settings' instead), or prompting at the right moment.
Common Mistakes
- Not checking permission before showing a feature that requires it.
- Assuming query() is available for all permissions — coverage varies by browser.
- Not reacting to permission state changes (onchange event).
Code Examples
✗ Vulnerable
// Immediately request — no context for user:
navigator.geolocation.getCurrentPosition(success, error);
✓ Fixed
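// Check the current state first; query() itself never prompts.
// (await requires an async function or an ES module.)
const status = await navigator.permissions.query({ name: 'geolocation' });
if (status.state === 'granted') {
  navigator.geolocation.getCurrentPosition(success, error);
} else if (status.state === 'prompt') {
  showLocationRequestButton(); // User hasn't decided
} else {
  showEnableInSettingsMessage(); // Denied
}
// Keep the UI in sync if the user changes the permission later.
status.onchange = () => updateUI(status.state);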
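The snippet above assumes query() exists and knows the permission name. The added example below (not part of the original entry) also covers the two mistakes listed earlier: missing coverage in some browsers, and not reacting to state changes. The action names and the fakePermissions() stand-in are hypothetical, and falling back to a request button for the 'unsupported' case is an assumption.

```javascript
// Added example. Action names and fakePermissions() are hypothetical.
// Resolve a permission name to a state without prompting; `permissions` is
// injectable so the logic also runs outside a browser.
async function queryState(name, permissions = globalThis.navigator?.permissions) {
  if (!permissions || typeof permissions.query !== 'function') {
    return { state: 'unsupported', status: null }; // no Permissions API at all
  }
  try {
    const status = await permissions.query({ name });
    return { state: status.state, status };
  } catch (err) {
    // query() rejects with TypeError for names this browser does not know.
    if (err instanceof TypeError) return { state: 'unsupported', status: null };
    throw err;
  }
}

// Map a state to a UI decision. For 'unsupported' the state is unknowable, so
// (assumption) fall back to a user-initiated button that calls the real API.
function uiActionFor(state) {
  if (state === 'granted') return 'use-feature';
  if (state === 'denied') return 'show-settings-help';
  return 'show-request-button'; // 'prompt' or 'unsupported'
}

// Render once, then re-render on every change; returns an unsubscribe function.
async function watchPermission(name, render, permissions) {
  const { state, status } = await queryState(name, permissions);
  render(uiActionFor(state));
  if (!status) return () => {};
  const onChange = () => render(uiActionFor(status.state));
  status.addEventListener('change', onChange);
  return () => status.removeEventListener('change', onChange);
}

// Constructed stand-in for navigator.permissions (not a browser object).
function fakePermissions(states) {
  const statuses = {};
  const query = ({ name }) => {
    if (!(name in states)) return Promise.reject(new TypeError(`unknown: ${name}`));
    if (!statuses[name]) {
      statuses[name] = Object.assign(new EventTarget(), { state: states[name] });
    }
    return Promise.resolve(statuses[name]);
  };
  return { statuses, query };
}
```

In a page, call watchPermission('geolocation', render) with no third argument so it uses navigator.permissions.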
Added
23 Mar 2026
Edited
5 Apr 2026
DEV INTEL
Tools & Severity
🟢 Low
⚙ Fix effort: Low
⚡ Quick Fix
Query permission state before requesting sensitive APIs. Show appropriate UI for each state (granted/prompt/denied). Listen to onchange for state updates.
📦 Applies To
javascript HTML5
web
🔍 Detection Hints
permissions.query
Auto-detectable: ✗ No
🤖 AI Agent
Confidence: Low
False Positives: High
✗ Manual fix
Fix: Low
Context: Function