To validate if an user has the permissions necessary to do an action, you had some options.
You can check on the user's JWT, if you have lefted the option enabled on the group settings, then, the user will have in their jwt the permissions key that have all their permissions in an array.
If you don't, you can check through some another integration route.
Can
POST/api/v1/can
This route is to check the permissions of the users of your application.
{
permission: string,
memberId: string
}
You pass the permission that you want and the member id that you want to check.
Response 200
{
can: boolean
}