## POST /api/v2/shared-hosting/{accountId}/database-users/{username}/privileges

**Grant database privileges**

Grant privileges for a database user on one database. Get `{username}` from the database-users list and `database` from `GET /api/v2/shared-hosting/{accountId}/databases` `databases[].name`. Sending `ALL PRIVILEGES` replaces the list with full privileges; lower-case aliases such as `select` are accepted but docs should send canonical values.

### Related Endpoints

- `DELETE /api/v2/shared-hosting/{accountId}/database-users/{username}/privileges`: Revoke database privileges
- `DELETE /api/v2/shared-hosting/{accountId}/database-users/{username}`: Delete database user
- `PUT /api/v2/shared-hosting/{accountId}/database-users/{username}/password`: Reset database user password

### Headers

- `Accept`: application/json
- `Authorization`: Bearer YOUR_API_KEY
- Required API scopes: `write:hosting`, `console:services`
- `Content-Type`: application/json

### Parameters

- `accountId` (path, string, required): Public shared-hosting account ID from `GET /api/v2/shared-hosting` `data[].id`. Do not invent this value; use the exact ID returned by the referenced API response. Example: `acct_01hxa3b4c5d6e7f8g9h0j1k2m3`
- `username` (path, string, required): Database user public ID or raw username from `GET /api/v2/shared-hosting/{accountId}/database-users`. Example: `example-user`

### Request Body

- `database` (string, required) Example: `abcde_wp_example`
- `privileges` (array<string>, required) Example: `["SELECT","INSERT","UPDATE"]`

### Request Examples

#### Grant database privileges

```bash
curl -X POST "https://cloud.hostup.se/api/v2/shared-hosting/acct_01hxa3b4c5d6e7f8g9h0j1k2m3/database-users/example-user/privileges" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d '{
    "database": "abcde_wp_example",
    "privileges": [
      "SELECT",
      "INSERT",
      "UPDATE"
    ]
  }'
```

```json
{
  "database": "abcde_wp_example",
  "privileges": [
    "SELECT",
    "INSERT",
    "UPDATE"
  ]
}
```

### Response Schema

- `username` (string, required) Example: `appuser`
- `database` (string, required) Example: `abcde_wp_example`
- `privileges` (array<string>, required) Example: `["SELECT","INSERT","UPDATE"]`

### Responses

#### 200 - Database privileges granted.
```json
{
  "username": "appuser",
  "database": "abcde_wp_example",
  "privileges": [
    "SELECT",
    "INSERT",
    "UPDATE"
  ]
}
```

#### 400 - Invalid request. The response body is an RFC 7807 Problem Details document.
```json
{
  "type": "https://developer.hostup.se/errors/invalid_request",
  "title": "Invalid request",
  "status": 400,
  "detail": "The request body failed validation.",
  "code": "invalid_request",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z",
  "errors": [
    {
      "pointer": "/items/0/domainName",
      "detail": "`domainName` is required.",
      "code": "invalid_request"
    }
  ]
}
```

#### 401 - Unauthorized. Authentication is required.
```json
{
  "type": "https://developer.hostup.se/errors/unauthorized",
  "title": "Unauthorized",
  "status": 401,
  "detail": "Authentication is required.",
  "code": "unauthorized",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```

#### 403 - Forbidden. The caller lacks a required scope or does not own the resource.
```json
{
  "type": "https://developer.hostup.se/errors/forbidden",
  "title": "Forbidden",
  "status": 403,
  "detail": "The caller lacks a required scope or does not own the resource.",
  "code": "forbidden",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```

#### 404 - Not found. The resource does not exist or is not owned by the caller.
```json
{
  "type": "https://developer.hostup.se/errors/not_found",
  "title": "Not found",
  "status": 404,
  "detail": "The requested resource could not be found.",
  "code": "not_found",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```

#### 429 - Rate limited. Retry after the limit resets. 429 responses include `Retry-After` seconds plus `X-RateLimit-*` headers.
```json
{
  "type": "https://developer.hostup.se/errors/rate_limit_exceeded",
  "title": "Too many requests",
  "status": 429,
  "detail": "Too many requests. Retry after the limit resets.",
  "code": "rate_limit_exceeded",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```

#### 500 - Internal error. Retry later or contact support if the issue persists.
```json
{
  "type": "https://developer.hostup.se/errors/internal_error",
  "title": "Internal server error",
  "status": 500,
  "detail": "An unexpected error occurred. Retry later or contact support if the issue persists.",
  "code": "internal_error",
  "instance": "/api/v2/resource",
  "requestId": "req_01hxa3b4c5d6e7f8g9h0j1k2m3",
  "timestamp": "2026-04-27T12:34:56.000Z"
}
```