The browser by itself packs alot of powerful API functionalities. But most of the time these APIs that are provided can leak sensitive user information to the public. Think about geolocation, audio/video access (get camera access) etc and you’ll get an idea of the insecurities that it packs. Hence, there have been initiatives to make the use of these APIs more secure (I recently faced a problem at my company when chrome decided to deprecate the use of “Powerful Features” on insure origins). But most of the time the user has to prompted to gain access to these APIs. Actually, it seems to be not so.
Permission API provides a method to query the permission level for an API without triggering a request to the user for access. The simple example given below illustrates the mechanism:
Well, this allows us to check if the permission level is negative, if so we don’t ask the user permission to do something. We can also prompt the user in a less obstructive ways if needed.