{"lexicon":1,"id":"money.atmosphere.membership.getAccess","defs":{"accessTier":{"type":"object","required":["tier"],"properties":{"tier":{"type":"ref","ref":"com.atproto.repo.strongRef","description":"Matched money.atmosphere.membership.tier record."},"product":{"type":"ref","ref":"com.atproto.repo.strongRef","description":"Linked membership product, when known."},"price":{"type":"ref","ref":"com.atproto.repo.strongRef","description":"Linked recurring price, when known."},"rank":{"type":"integer","minimum":0,"description":"Resolved tier rank, when known."},"currentPeriodEndsAt":{"type":"string","format":"datetime","description":"When the current paid period ends, when available to the caller."}}},"main":{"type":"procedure","description":"Check whether a member currently has active access to a creator membership program or tier. Requires registered-app service-auth plus a fresh, single-use memberAssertionJwt issued by memberDid to ATM and scoped to this method. The assertion authenticates the member for a membership access check; it is not bound to the specific creator/program/tier query, so apps should mint it per check and never store or reuse it. Responses are personalized and must not be cached publicly. Deliberately a procedure rather than a query: the single-use member assertion is consumed (replay-protected) on each call, so the call is not a cacheable idempotent read.","input":{"encoding":"application/json","schema":{"type":"object","required":["memberDid","creatorDid","memberAssertionJwt"],"properties":{"memberDid":{"type":"string","format":"did","description":"Member DID to check. Must match memberAssertionJwt issuer."},"creatorDid":{"type":"string","format":"did","description":"Creator or project DID whose membership is being checked."},"memberAssertionJwt":{"type":"string","maxLength":8192,"description":"Short-lived, single-use user service-auth JWT issued by memberDid to ATM, scoped to money.atmosphere.membership.getAccess. It is method-scoped rather than creator/program/tier-scoped, so clients should mint it for one immediate access check and never persist it."},"environment":{"type":"string","knownValues":["test","live"],"maxLength":8,"description":"ATM app environment. Defaults to live."},"program":{"type":"string","format":"at-uri","description":"Optional money.atmosphere.membership.program AT-URI to check."},"tier":{"type":"string","format":"at-uri","description":"Optional money.atmosphere.membership.tier AT-URI to check. When absent, any active tier in the program may satisfy access."},"tierOrAbove":{"type":"boolean","default":false,"description":"When true, a matched tier with rank greater than or equal to the requested tier rank satisfies access. Defaults to exact tier/program access."}}}},"output":{"encoding":"application/json","schema":{"type":"object","required":["access","memberDid","creatorDid","checkedAt"],"properties":{"access":{"type":"boolean","description":"True when ATM found an active membership satisfying the request."},"memberDid":{"type":"string","format":"did"},"creatorDid":{"type":"string","format":"did"},"program":{"type":"ref","ref":"com.atproto.repo.strongRef","description":"Matched membership program, when resolved."},"tiers":{"type":"array","maxLength":16,"items":{"type":"ref","ref":"#accessTier"},"description":"Matched active tiers the caller is authorized to know about. Empty when access is false or only program-level access is known."},"checkedAt":{"type":"string","format":"datetime","description":"When ATM evaluated access."}}}},"errors":[{"name":"InvalidActor","description":"Member or creator DID is malformed."},{"name":"AppNotRegistered","description":"Caller is not a registered ATM app."},{"name":"NotAuthorized","description":"memberAssertionJwt is missing, invalid, or not issued by memberDid."}]}}}