What’s the error you get?
Are you adding the permissions to a regular user or admin user?
API is enabled only for admin or for all users? You can check it from command line with this:
v-list-sys-config json | jq -r '.[].API_SYSTEM'
If you get 0 API is disabled, 1 allow only for admin, 2 allow for all users.
Just to check… I’ve created a new permission testperm
# cat /usr/local/hestia/data/api/testperm
ROLE='user'
COMMANDS='v-list-web-domains,v-list-sys-services'
I’ve created a new access key to a regular user named also test.
# v-add-access-key test testperm
ACCESS_KEY_ID: HereTheAccessKey
SECRET_ACCESS_KEY: HereTheSecretKey
USER: test
PERMISSIONS: testperm
COMMENT:
TIME: 11:22:02
DATE: 2023-08-26
In case you find it useful, I’ve created a simple wrapper bash script to talk to hestia api that you could use to test it, just save it, modify the first 4 variables with your data, save it, give execution perms and execute it. Using it is really simply, ./the_nameof_script hestia_command arg1 arg2 etc.
just like you will use the hestia commands in your server but preceding it by the name of the wrapper script.
#!/usr/bin/env bash
# You must edit these variables with the right data
host="hestiacp.example.com"
port="8083"
access_key="HereYourAccessKey"
secret_key="HereYourSecretKey"
##########################################
# Check number of arguments (max 12)
narguments="$#"
arguments="$((narguments - 1))"
max_args=12
if [[ $arguments -gt $max_args ]]; then
echo "Error: Only allowed the command and $max_args arguments and you are using $arguments arguments"
exit 1
fi
# url, returncode, cmd and argument variables
api_url="https://${host}:${port}/api/"
rc="no"
cmd="${1-v-list-users}"
arg1="$2"
arg2="$3"
arg3="$4"
arg4="$5"
arg5="$6"
arg6="$7"
arg7="$8"
arg8="$9"
arg9="$10"
arg10="$11"
arg11="$12"
arg12="$13"
if ! echo "$cmd" | grep -q '^v-'; then
echo "Error: $cmd doesn't seem a valid Hestia command"
exit 1
fi
if [[ "$arguments" -gt 0 ]]; then
i=1
arg_data=""
while [[ $i -le $arguments ]]; do
arg_data="${arg_data},\"arg$i\":\"$(eval echo \$arg$i)\""
((++i))
done
fi
curl -s -X POST -d "{\"access_key\":\"${access_key}\",\"secret_key\":\"${secret_key}\",\"returncode\":\"$rc\",\"cmd\":\"$cmd\""${arg_data}"}" "${api_url}"
Edit: I forgot to say that it worked 
$ ./api_hestiacp_test
Error: Key HereMyAccessKey don't have permission to run the command v-list-users
$ ./api_hestiacp_test v-list-sys-services
NAME STATE CPU MEM UPTIME
---- ----- --- --- ------
nginx running 0 197 2144
php7.4-fpm running 0 12 2144
php8.0-fpm running 0 12 2144
php8.1-fpm running 0 12 2144
php8.2-fpm running 0 13 2144
exim4 running 0 47 2144
dovecot running 0 0 2144
spamd running 0 448 8563
postgresql running 0 13 8563
mariadb running 0 703 8563
vsftpd running 0 0 2144
cron running 0 1 8563
ssh running 0 15 8564
iptables running 0 0 0
fail2ban running 0.2 171 8563
$ ./api_hestiacp_test v-list-web-domains test
DOMAIN IP TPL SSL DISK BW SPND DATE
------ -- --- --- ---- -- ---- -----
test.example.com 203.0.113.1 default no 61 0 no 2023-08-14
I hope this helps.
Cheers,
sahsanu