# Permissions

Permissions are needed to allow Homey apps to use certain Apps SDK functionality. Most Homey Apps don't need any permissions. In case a permission is not requested by the App, the manager methods that require that permission will throw an error.

Permissions are added to your [App Manifest](https://apps.developer.homey.app/the-basics/app/manifest) in an array named `permissions`.

{% code title="/.homeycompose/app.json" %}

```javascript
{
  "id": "com.athom.example",
  // ...
  "permissions": [
    "homey:wireless:ble",
    "homey:app:com.athom.example"
  ]
}
```

{% endcode %}

{% hint style="warning" %}
An app should only request permissions it actually needs to function.
{% endhint %}

{% hint style="warning" %}
Apps will not automatically update on Homey when new permissions are added.
{% endhint %}

## Available permissions

The following is a list of the permissions that an app may use.

| Permission                    | Description                                                                                                                                                         |
| ----------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `homey:manager:api`           | Allows an app to use the [ManagerApi](https://apps-sdk-v3.developer.homey.app/ManagerApi.html) methods to communicate with the Homey Web API.                       |
| `homey:manager:geolocation`   | With this permission an app can use [ManagerGeolocation](https://apps-sdk-v3.developer.homey.app/ManagerGeolocation.html) to get the current location of the Homey. |
| `homey:manager:ledring`       | Allows interacting with the Homeys LED Ring through [ManagerLedring](https://apps-sdk-v3.developer.homey.app/ManagerLedring.html).                                  |
| `homey:manager:speech-output` | This permission allows an app to make Homey speak using [ManagerSpeechOutput](https://apps-sdk-v3.developer.homey.app/ManagerSpeechOutput.html).                    |
| `homey:wireless:433`          | With this permission an app can call `getSignal433` on [ManagerRF](https://apps-sdk-v3.developer.homey.app/ManagerRF.html) to use the 433MHz antenna.               |
| `homey:wireless:868`          | With this permission an app can call `getSignal868` on [ManagerRF](https://apps-sdk-v3.developer.homey.app/ManagerRF.html) to use the 868MHz antenna.               |
| `homey:wireless:ir`           | With this permission an app can call `getSignalInfrared` on [ManagerRF](https://apps-sdk-v3.developer.homey.app/ManagerRF.html) to send IR signals.                 |
| `homey:wireless:ble`          | Enables an app to use [ManagerBLE](https://apps-sdk-v3.developer.homey.app/ManagerBLE.html) to discover Bluetooth devices and interact with them.                   |
| `homey:wireless:nfc`          | Allows an app to use [ManagerNFC](https://apps-sdk-v3.developer.homey.app/ManagerNFC.html) to be notified of scanned NFC tags                                       |

## Which apps may use the API permission?

The API permission (`"homey:manager:api"`) allows an app to access the Homey Web API. This web api can be used to control all of Homey (devices, Flows, etc) even if they are not part of the App that requested the permission. This level of access can be used to add new advanced functionality to Homey. However because an app receives complete control over the Homey it is installed on this permission should only be requested when it is the main functionality of your app.

{% hint style="warning" %}
Apps that request the API permission will be reviewed more carefully when published to the App Store. If the permission is not required for your app to function your app submission will be rejected.
{% endhint %}

As a rule of thumb, only apps that add functionality to Homey that can be categorised in the Tools section, should use the API permission. For example apps that are allowed to use the API permission are: a DIY Home Alarm system, HomeyScript and Device Groups. Examples of apps that should not use the API permission are: those that connect to a physical device, e.g. a branded app for lightbulbs, thermostats etc.

{% hint style="info" %}
Apps using the `homey:manager:api` permission are not allowed on Homey Cloud. Read more about this in the [Homey Cloud guide](https://apps.developer.homey.app/guides/homey-cloud).
{% endhint %}

## App-to-app communication

Apps can also talk to each other through their [Web API](https://apps.developer.homey.app/advanced/web-api), however you need to define the correct permissions first. Permissions for app to app communication look like this `homey:app:<appId>`, where the `appId` is that of the app you want to communicate with. For example `homey:app:com.athom.example` or `homey:app:com.yahoo.weather`.

{% hint style="info" %}
App-to-app communication is not supported on Homey Cloud. Read more about this in the [Homey Cloud guide](https://apps.developer.homey.app/guides/homey-cloud).
{% endhint %}

For more information about app-to-app communication read the [Web API guide](https://apps.developer.homey.app/advanced/web-api#app-to-app-communication).


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://apps.developer.homey.app/the-basics/app/permissions.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.