> ## Documentation Index
> Fetch the complete documentation index at: https://docs.findable.net/llms.txt
> Use this file to discover all available pages before exploring further.

# Resync indexer permissions (ACLs)

> Refreshes document-level permissions (ACLs) across the indexer's full data source, then triggers an indexer run to apply the resync. Required after permission changes on a SharePoint parent scope (site, library, list, or folder), or to backfill ACLs for content indexed before incremental ACL sync. Requires API version 2026-05-01-preview or later.




## OpenAPI

````yaml /api-reference/openapi.json post /azure/search/indexers/{indexer}/resync-permissions
openapi: 3.0.3
info:
  title: Findable API
  version: 3.2.38
  description: >
    REST API for the Findable AI Assistant platform.


    ## Authentication


    All endpoints (except `/server/setup` and `/server/bootstrap`) require a
    valid **Azure AD / Entra ID Bearer token**.


    ### Obtaining a token


    1. Register (or reuse) an **App Registration** in Azure Entra ID for your
    client.

    2. Under **API Permissions**, add a delegated permission for the Findable
    server app:
       `api://<SERVER_CLIENT_ID>/User.Read`
    3. Acquire a token using MSAL (or any OAuth 2.0 library) with the following
    parameters:


    | Parameter | Value |

    |-----------|-------|

    | Authority | `https://login.microsoftonline.com/<TENANT_ID>` |

    | Client ID | Your client app registration ID |

    | Scope | `api://<SERVER_CLIENT_ID>/User.Read` |

    | Grant type | Authorization Code (interactive) or Client Credentials
    (daemon) |


    ### Example (MSAL Node.js)


    ```javascript

    const { ConfidentialClientApplication } = require("@azure/msal-node");


    const cca = new ConfidentialClientApplication({
      auth: {
        clientId: "<YOUR_CLIENT_ID>",
        authority: "https://login.microsoftonline.com/<TENANT_ID>",
        clientSecret: "<YOUR_CLIENT_SECRET>",
      },
    });


    const result = await cca.acquireTokenByClientCredential({
      scopes: ["api://<SERVER_CLIENT_ID>/.default"],
    });


    // Use result.accessToken in the Authorization header

    ```


    ### Using the token


    Include the token in every request:

    ```

    Authorization: Bearer <access_token>

    ```


    ### Roles


    Access is determined by Azure AD group membership configured in the
    application settings:

    - **Admin (Owner)**: Full access to all endpoints including admin operations

    - **Contributor**: Can create and manage chats, files, and content

    - **User**: Read access to entitled chats and resources
  contact:
    name: Findable Support
  license:
    name: Proprietary
servers:
  - url: /server
    description: Application server (relative)
security:
  - BearerAuth: []
tags:
  - name: AI
    description: Chat completion and AI generation endpoints
  - name: Chats
    description: Chat configuration CRUD with ACL enforcement
  - name: Settings
    description: Application settings and health
  - name: Files
    description: Blob storage file operations
  - name: Search
    description: Azure AI Search resource management
  - name: User
    description: User profile, feedback, chat logs, and preferences
  - name: Flows
    description: FlowEngine flow designer operations
  - name: Prompts
    description: Prompt template management
  - name: Pages
    description: Navigation page management
  - name: Admin
    description: Administrative operations (admin-only)
  - name: Bootstrap
    description: Bootstrap seed data operations (admin-only)
  - name: Setup
    description: Initial application setup (pre-auth)
  - name: Cosmos
    description: Generic Cosmos DB CRUD operations
  - name: Tools
    description: Tool providers, web search, and utility tools
  - name: MCP
    description: Model Context Protocol server management
  - name: Telemetry
    description: Version, health, and API permission checks
  - name: SharePoint
    description: SharePoint entitlement management
  - name: Data Platform
    description: Data platform connection management
  - name: Vector Stores
    description: Vector store provider operations
  - name: OneDrive
    description: OneDrive personal file storage operations
  - name: Jobs
    description: Background job and scheduler management
  - name: Memory
    description: User and organizational memory operations
  - name: Slack
    description: >-
      Slack bot interactions and webhooks (public, uses Slack signature
      verification)
  - name: Teams
    description: Microsoft Teams bot webhooks and interactions
  - name: Human Input
    description: Human-in-the-loop input requests for flow executions
  - name: Datasources
    description: Datasource catalog CRUD with ACL enforcement
  - name: Assignments
    description: >-
      Assignment lifecycle: inbox, sent, create, launch, complete, delegate,
      reject, reassign, remind, and recurring schedules. Experimental feature —
      requires experimental flag enabled.
paths:
  /azure/search/indexers/{indexer}/resync-permissions:
    post:
      tags:
        - Search
      summary: Resync indexer permissions (ACLs)
      description: >
        Refreshes document-level permissions (ACLs) across the indexer's full
        data source, then triggers an indexer run to apply the resync. Required
        after permission changes on a SharePoint parent scope (site, library,
        list, or folder), or to backfill ACLs for content indexed before
        incremental ACL sync. Requires API version 2026-05-01-preview or later.
      parameters:
        - in: path
          name: indexer
          required: true
          schema:
            type: string
        - in: query
          name: searchEndpointId
          schema:
            type: string
          description: Override AI Search endpoint (default system default)
      responses:
        '200':
          description: Permission resync initiated
components:
  securitySchemes:
    BearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: Azure AD access token obtained via MSAL

````