> ## Documentation Index
> Fetch the complete documentation index at: https://docs.yo-lead.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Capabilities

> Control which iframe features are available.

Capabilities are UI/runtime flags for the embedded YoLead interface. The backend still validates access and state before allowing any action.

<Note>
  Capabilities control iframe UI features. They do not replace API key scope checks, employee access checks, chat access checks, or ticket state validation.
</Note>

Supported capabilities:

| Capability           | Effect                                                                       | Scope                |
| -------------------- | ---------------------------------------------------------------------------- | -------------------- |
| `showChatsList`      | Allows the iframe to show the chats list and open chat pages from that list. | `read`, `read-write` |
| `showChatPage`       | Allows the iframe to show a specific chat page.                              | `read`, `read-write` |
| `showSendInput`      | Allows message input to be shown.                                            | `read-write`         |
| `showStatusButton`   | Allows ticket status controls to be shown.                                   | `read-write`         |
| `showAssigneeButton` | Allows assignee controls to be shown.                                        | `read-write`         |

Scope limits:

| API key scope | Allowed capabilities            |
| ------------- | ------------------------------- |
| `read`        | `showChatsList`, `showChatPage` |
| `read-write`  | All capabilities                |

If `showChatPage` is requested without `showChatsList`, `chatId` is required.

If a `read` key requests write capabilities, YoLead silently removes those capabilities from the effective session. The response `capabilities` field shows what was actually granted. If no view capability remains after filtering, session creation fails.

## View capabilities

At least one view capability must be enabled:

* `showChatsList`
* `showChatPage`

Without a view capability, the iframe has no screen to render and session creation fails.

## Single-chat restriction

When `showChatPage` is used without `showChatsList`, the session must be tied to a specific `chatId`. In that case, the response includes `allowedChatId`, and the iframe token is scoped to that chat.
