diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index 5f1731071..8f4d59f54 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -69,5 +69,6 @@ class Kernel extends HttpKernel
         'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
         'abilities' => \Laravel\Sanctum\Http\Middleware\CheckAbilities::class,
         'ability' => \Laravel\Sanctum\Http\Middleware\CheckForAnyAbility::class,
+        'api.ability' => \App\Http\Middleware\ApiAbility::class,
     ];
 }
diff --git a/app/Http/Middleware/ApiAbility.php b/app/Http/Middleware/ApiAbility.php
new file mode 100644
index 000000000..96bf4f471
--- /dev/null
+++ b/app/Http/Middleware/ApiAbility.php
@@ -0,0 +1,23 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Laravel\Sanctum\Http\Middleware\CheckForAnyAbility;
+
+class ApiAbility extends CheckForAnyAbility
+{
+    public function handle($request, $next, ...$abilities)
+    {
+        try {
+            return parent::handle($request, $next, ...$abilities);
+        } catch (\Illuminate\Auth\AuthenticationException $e) {
+            return response()->json([
+                'message' => 'Unauthenticated.',
+            ], 401);
+        } catch (\Exception $e) {
+            return response()->json([
+                'message' => 'Missing required permissions: '.implode(', ', $abilities),
+            ], 403);
+        }
+    }
+}
diff --git a/app/Livewire/Security/ApiTokens.php b/app/Livewire/Security/ApiTokens.php
index 6e58df0f0..be11e0bda 100644
--- a/app/Livewire/Security/ApiTokens.php
+++ b/app/Livewire/Security/ApiTokens.php
@@ -26,14 +26,20 @@ class ApiTokens extends Component
         $this->tokens = auth()->user()->tokens->sortByDesc('created_at');
     }
 
-    public function updated()
+    public function updatedPermissions($permissionToUpdate)
     {
-        if (count($this->permissions) == 0) {
-            $this->permissions = ['read'];
-        }
-        if (in_array('read:sensitive', $this->permissions) && !in_array('read', $this->permissions)) {
+        if ($permissionToUpdate == 'write') {
+            $this->permissions = ['write', 'deploy', 'read', 'read:sensitive'];
+        } elseif ($permissionToUpdate == 'read:sensitive' && ! in_array('read', $this->permissions)) {
             $this->permissions[] = 'read';
+        } elseif ($permissionToUpdate == 'deploy') {
+            $this->permissions = ['deploy'];
+        } else {
+            if (count($this->permissions) == 0) {
+                $this->permissions = ['read'];
+            }
         }
+        sort($this->permissions);
     }
 
     public function addNewToken()
diff --git a/database/migrations/2024_10_30_074601_rename_token_permissions.php b/database/migrations/2024_10_30_074601_rename_token_permissions.php
index d35d75481..2021ba287 100644
--- a/database/migrations/2024_10_30_074601_rename_token_permissions.php
+++ b/database/migrations/2024_10_30_074601_rename_token_permissions.php
@@ -2,8 +2,6 @@
 
 use App\Models\PersonalAccessToken;
 use Illuminate\Database\Migrations\Migration;
-use Illuminate\Database\Schema\Blueprint;
-use Illuminate\Support\Facades\Schema;
 
 return new class extends Migration
 {
@@ -12,14 +10,24 @@ return new class extends Migration
      */
     public function up(): void
     {
-        $tokens = PersonalAccessToken::all();
-        foreach ($tokens as $token) {
-            $abilities = collect();
-            if (in_array('*', $token->abilities)) $abilities->push('write', 'read', 'read:sensitive');
-            if (in_array('read-only', $token->abilities)) $abilities->push('read');
-            if (in_array('view:sensitive', $token->abilities)) $abilities->push('read', 'read:sensitive');
-            $token->abilities = $abilities->unique()->values()->all();
-            $token->save();
+        try {
+            $tokens = PersonalAccessToken::all();
+            foreach ($tokens as $token) {
+                $abilities = collect();
+                if (in_array('*', $token->abilities)) {
+                    $abilities->push('write', 'deploy', 'read', 'read:sensitive');
+                }
+                if (in_array('read-only', $token->abilities)) {
+                    $abilities->push('read');
+                }
+                if (in_array('view:sensitive', $token->abilities)) {
+                    $abilities->push('read', 'read:sensitive');
+                }
+                $token->abilities = $abilities->unique()->values()->all();
+                $token->save();
+            }
+        } catch (\Exception $e) {
+            \Log::error('Error renaming token permissions: '.$e->getMessage());
         }
     }
 
@@ -28,17 +36,25 @@ return new class extends Migration
      */
     public function down(): void
     {
-        $tokens = PersonalAccessToken::all();
-        foreach ($tokens as $token) {
-            $abilities = collect();
-            if (in_array('write', $token->abilities)) {
-                $abilities->push('*');
-            } else {
-                if (in_array('read', $token->abilities)) $abilities->push('read-only');
-                if (in_array('read:sensitive', $token->abilities)) $abilities->push('view:sensitive');
+        try {
+            $tokens = PersonalAccessToken::all();
+            foreach ($tokens as $token) {
+                $abilities = collect();
+                if (in_array('write', $token->abilities)) {
+                    $abilities->push('*');
+                } else {
+                    if (in_array('read', $token->abilities)) {
+                        $abilities->push('read-only');
+                    }
+                    if (in_array('read:sensitive', $token->abilities)) {
+                        $abilities->push('view:sensitive');
+                    }
+                }
+                $token->abilities = $abilities->unique()->values()->all();
+                $token->save();
             }
-            $token->abilities = $abilities->unique()->values()->all();
-            $token->save();
+        } catch (\Exception $e) {
+            \Log::error('Error renaming token permissions: '.$e->getMessage());
         }
     }
 };
diff --git a/resources/views/components/forms/checkbox.blade.php b/resources/views/components/forms/checkbox.blade.php
index fb244962d..39704a122 100644
--- a/resources/views/components/forms/checkbox.blade.php
+++ b/resources/views/components/forms/checkbox.blade.php
@@ -5,8 +5,8 @@
     'disabled' => false,
     'instantSave' => false,
     'value' => null,
+    'domValue' => null,
     'checked' => false,
-    'hideLabel' => false,
     'fullWidth' => false,
 ])
 
@@ -14,26 +14,32 @@
     'flex flex-row items-center gap-4 pr-2 py-1 form-control min-w-fit dark:hover:bg-coolgray-100',
     'w-full' => $fullWidth,
 ])>
-    @if (!$hideLabel)
-        <label @class([
-            'flex gap-4 items-center px-0 min-w-fit label w-full cursor-pointer',
-        ])>
-            <span class="flex flex-grow gap-2">
-                @if ($label)
-                    {!! $label !!}
-                @else
-                    {{ $id }}
-                @endif
-                @if ($helper)
-                    <x-helper :helper="$helper" />
-                @endif
-            </span>
-    @endif
-    <input @disabled($disabled) type="checkbox" {{ $attributes->merge(['class' => $defaultClass]) }}
-        @if ($instantSave) wire:loading.attr="disabled" wire:click='{{ $instantSave === 'instantSave' || $instantSave == '1' ? 'instantSave' : $instantSave }}'
-        @if ($checked) checked @endif
-    wire:model={{ $id }} @else wire:model={{ $value ?? $id }} @endif />
-    @if (!$hideLabel)
-        </label>
-    @endif
+    <label @class([
+        'flex gap-4 items-center px-0 min-w-fit label w-full cursor-pointer',
+    ])>
+        <span class="flex flex-grow gap-2">
+            @if ($label)
+                {!! $label !!}
+            @else
+                {{ $id }}
+            @endif
+            @if ($helper)
+                <x-helper :helper="$helper" />
+            @endif
+        </span>
+        @if ($instantSave)
+            <input type="checkbox" @disabled($disabled) {{ $attributes->merge(['class' => $defaultClass]) }}
+                wire:loading.attr="disabled"
+                wire:click='{{ $instantSave === 'instantSave' || $instantSave == '1' ? 'instantSave' : $instantSave }}'
+                wire:model={{ $id }} @if ($checked) checked @endif />
+        @else
+            @if ($domValue)
+                <input type="checkbox" @disabled($disabled) {{ $attributes->merge(['class' => $defaultClass]) }}
+                    value={{ $domValue }} @if ($checked) checked @endif />
+            @else
+                <input type="checkbox" @disabled($disabled) {{ $attributes->merge(['class' => $defaultClass]) }}
+                    wire:model={{ $value ?? $id }} @if ($checked) checked @endif />
+            @endif
+        @endif
+    </label>
 </div>
diff --git a/resources/views/livewire/security/api-tokens.blade.php b/resources/views/livewire/security/api-tokens.blade.php
index b3ef9241b..b07f1f1cf 100644
--- a/resources/views/livewire/security/api-tokens.blade.php
+++ b/resources/views/livewire/security/api-tokens.blade.php
@@ -30,21 +30,24 @@
                 @endif
             </div>
         </div>
+
+        <h4>Token Permissions</h4>
+        <div class="w-64">
+            <x-forms.checkbox label="write" wire:model.live="permissions" domValue="write"
+                helper="Root access, be careful!" :checked="in_array('write', $permissions)"></x-forms.checkbox>
+            @if (!in_array('write', $permissions))
+                <x-forms.checkbox label="deploy" wire:model.live="permissions" domValue="deploy"
+                    helper="Can trigger deploy webhooks" :checked="in_array('deploy', $permissions)"></x-forms.checkbox>
+                <x-forms.checkbox label="read" domValue="read" wire:model.live="permissions" domValue="read"
+                    :checked="in_array('read', $permissions)"></x-forms.checkbox>
+                <x-forms.checkbox label="read:sensitive" wire:model.live="permissions" domValue="read:sensitive"
+                    helper="Responses will include secrets, logs, passwords, and compose file contents"
+                    :checked="in_array('read:sensitive', $permissions)"></x-forms.checkbox>
+            @endif
+        </div>
         @if (in_array('write', $permissions))
             <div class="font-bold text-warning">Root access, be careful!</div>
         @endif
-        <h4>Token Permissions</h4>
-        <div class="w-64">
-            <x-forms.checkbox label="read" wire:model.live="permissions" value="read"
-                :checked="in_array('read', $permissions)"></x-forms.checkbox>
-            <x-forms.checkbox label="read:sensitive" wire:model.live="permissions" value="read:sensitive"
-                helper="Responses will include secrets, logs, passwords, and compose file contents"
-                :checked="in_array('read:sensitive', $permissions)"></x-forms.checkbox>
-            <x-forms.checkbox label="write" wire:model.live="permissions" value="write"
-                helper="Root access, be careful!" :checked="in_array('write', $permissions)"></x-forms.checkbox>
-            <x-forms.checkbox label="deploy" wire:model.live="permissions" value="deploy"
-                helper="Can trigger deploy webhooks" :checked="in_array('deploy', $permissions)"></x-forms.checkbox>
-        </div>
     </form>
     @if (session()->has('token'))
         <div class="py-4 font-bold dark:text-warning">Please copy this token now. For your security, it won't be shown
@@ -60,7 +63,7 @@
                 <div>Last used: {{ $token->last_used_at ? $token->last_used_at->diffForHumans() : 'Never' }}</div>
                 <div class="flex gap-1">
                     @if ($token->abilities)
-                        Abilities:
+                        Permissions:
                         @foreach ($token->abilities as $ability)
                             <div class="font-bold dark:text-white">{{ $ability }}</div>
                         @endforeach
diff --git a/routes/api.php b/routes/api.php
index 6c1a5b65c..90c834823 100644
--- a/routes/api.php
+++ b/routes/api.php
@@ -19,7 +19,7 @@ Route::get('/health', [OtherController::class, 'healthcheck']);
 Route::post('/feedback', [OtherController::class, 'feedback']);
 
 Route::group([
-    'middleware' => ['auth:sanctum', 'ability:write'],
+    'middleware' => ['auth:sanctum', 'api.ability:write'],
     'prefix' => 'v1',
 ], function () {
     Route::get('/enable', [OtherController::class, 'enable_api']);
@@ -29,103 +29,103 @@ Route::group([
     'middleware' => ['auth:sanctum', ApiAllowed::class],
     'prefix' => 'v1',
 ], function () {
-    Route::get('/version', [OtherController::class, 'version'])->middleware(['ability:read']);
+    Route::get('/version', [OtherController::class, 'version'])->middleware(['api.ability:read']);
 
-    Route::get('/teams', [TeamController::class, 'teams'])->middleware(['ability:read']);
-    Route::get('/teams/current', [TeamController::class, 'current_team'])->middleware(['ability:read']);
-    Route::get('/teams/current/members', [TeamController::class, 'current_team_members'])->middleware(['ability:read']);
-    Route::get('/teams/{id}', [TeamController::class, 'team_by_id'])->middleware(['ability:read']);
-    Route::get('/teams/{id}/members', [TeamController::class, 'members_by_id'])->middleware(['ability:read']);
+    Route::get('/teams', [TeamController::class, 'teams'])->middleware(['api.ability:read']);
+    Route::get('/teams/current', [TeamController::class, 'current_team'])->middleware(['api.ability:read']);
+    Route::get('/teams/current/members', [TeamController::class, 'current_team_members'])->middleware(['api.ability:read']);
+    Route::get('/teams/{id}', [TeamController::class, 'team_by_id'])->middleware(['api.ability:read']);
+    Route::get('/teams/{id}/members', [TeamController::class, 'members_by_id'])->middleware(['api.ability:read']);
 
-    Route::get('/projects', [ProjectController::class, 'projects'])->middleware(['ability:read']);
-    Route::get('/projects/{uuid}', [ProjectController::class, 'project_by_uuid'])->middleware(['ability:read']);
-    Route::get('/projects/{uuid}/{environment_name}', [ProjectController::class, 'environment_details'])->middleware(['ability:read']);
+    Route::get('/projects', [ProjectController::class, 'projects'])->middleware(['api.ability:read']);
+    Route::get('/projects/{uuid}', [ProjectController::class, 'project_by_uuid'])->middleware(['api.ability:read']);
+    Route::get('/projects/{uuid}/{environment_name}', [ProjectController::class, 'environment_details'])->middleware(['api.ability:read']);
 
-    Route::post('/projects', [ProjectController::class, 'create_project'])->middleware(['ability:read']);
-    Route::patch('/projects/{uuid}', [ProjectController::class, 'update_project'])->middleware(['ability:write']);
-    Route::delete('/projects/{uuid}', [ProjectController::class, 'delete_project'])->middleware(['ability:write']);
+    Route::post('/projects', [ProjectController::class, 'create_project'])->middleware(['api.ability:read']);
+    Route::patch('/projects/{uuid}', [ProjectController::class, 'update_project'])->middleware(['api.ability:write']);
+    Route::delete('/projects/{uuid}', [ProjectController::class, 'delete_project'])->middleware(['api.ability:write']);
 
-    Route::get('/security/keys', [SecurityController::class, 'keys'])->middleware(['ability:read']);
-    Route::post('/security/keys', [SecurityController::class, 'create_key'])->middleware(['ability:write']);
+    Route::get('/security/keys', [SecurityController::class, 'keys'])->middleware(['api.ability:read']);
+    Route::post('/security/keys', [SecurityController::class, 'create_key'])->middleware(['api.ability:write']);
 
-    Route::get('/security/keys/{uuid}', [SecurityController::class, 'key_by_uuid'])->middleware(['ability:read']);
-    Route::patch('/security/keys/{uuid}', [SecurityController::class, 'update_key'])->middleware(['ability:write']);
-    Route::delete('/security/keys/{uuid}', [SecurityController::class, 'delete_key'])->middleware(['ability:write']);
+    Route::get('/security/keys/{uuid}', [SecurityController::class, 'key_by_uuid'])->middleware(['api.ability:read']);
+    Route::patch('/security/keys/{uuid}', [SecurityController::class, 'update_key'])->middleware(['api.ability:write']);
+    Route::delete('/security/keys/{uuid}', [SecurityController::class, 'delete_key'])->middleware(['api.ability:write']);
 
-    Route::match(['get', 'post'], '/deploy', [DeployController::class, 'deploy'])->middleware(['ability:write,deploy']);
-    Route::get('/deployments', [DeployController::class, 'deployments'])->middleware(['ability:read']);
-    Route::get('/deployments/{uuid}', [DeployController::class, 'deployment_by_uuid'])->middleware(['ability:read']);
+    Route::match(['get', 'post'], '/deploy', [DeployController::class, 'deploy'])->middleware(['api.ability:write,deploy']);
+    Route::get('/deployments', [DeployController::class, 'deployments'])->middleware(['api.ability:read']);
+    Route::get('/deployments/{uuid}', [DeployController::class, 'deployment_by_uuid'])->middleware(['api.ability:read']);
 
-    Route::get('/servers', [ServersController::class, 'servers'])->middleware(['ability:read']);
-    Route::get('/servers/{uuid}', [ServersController::class, 'server_by_uuid'])->middleware(['ability:read']);
-    Route::get('/servers/{uuid}/domains', [ServersController::class, 'domains_by_server'])->middleware(['ability:read']);
-    Route::get('/servers/{uuid}/resources', [ServersController::class, 'resources_by_server'])->middleware(['ability:read']);
+    Route::get('/servers', [ServersController::class, 'servers'])->middleware(['api.ability:read']);
+    Route::get('/servers/{uuid}', [ServersController::class, 'server_by_uuid'])->middleware(['api.ability:read']);
+    Route::get('/servers/{uuid}/domains', [ServersController::class, 'domains_by_server'])->middleware(['api.ability:read']);
+    Route::get('/servers/{uuid}/resources', [ServersController::class, 'resources_by_server'])->middleware(['api.ability:read']);
 
-    Route::get('/servers/{uuid}/validate', [ServersController::class, 'validate_server'])->middleware(['ability:read']);
+    Route::get('/servers/{uuid}/validate', [ServersController::class, 'validate_server'])->middleware(['api.ability:read']);
 
-    Route::post('/servers', [ServersController::class, 'create_server'])->middleware(['ability:read']);
-    Route::patch('/servers/{uuid}', [ServersController::class, 'update_server'])->middleware(['ability:write']);
-    Route::delete('/servers/{uuid}', [ServersController::class, 'delete_server'])->middleware(['ability:write']);
+    Route::post('/servers', [ServersController::class, 'create_server'])->middleware(['api.ability:read']);
+    Route::patch('/servers/{uuid}', [ServersController::class, 'update_server'])->middleware(['api.ability:write']);
+    Route::delete('/servers/{uuid}', [ServersController::class, 'delete_server'])->middleware(['api.ability:write']);
 
-    Route::get('/resources', [ResourcesController::class, 'resources'])->middleware(['ability:read']);
+    Route::get('/resources', [ResourcesController::class, 'resources'])->middleware(['api.ability:read']);
 
-    Route::get('/applications', [ApplicationsController::class, 'applications'])->middleware(['ability:read']);
-    Route::post('/applications/public', [ApplicationsController::class, 'create_public_application'])->middleware(['ability:write']);
-    Route::post('/applications/private-github-app', [ApplicationsController::class, 'create_private_gh_app_application'])->middleware(['ability:write']);
-    Route::post('/applications/private-deploy-key', [ApplicationsController::class, 'create_private_deploy_key_application'])->middleware(['ability:write']);
-    Route::post('/applications/dockerfile', [ApplicationsController::class, 'create_dockerfile_application'])->middleware(['ability:write']);
-    Route::post('/applications/dockerimage', [ApplicationsController::class, 'create_dockerimage_application'])->middleware(['ability:write']);
-    Route::post('/applications/dockercompose', [ApplicationsController::class, 'create_dockercompose_application'])->middleware(['ability:write']);
+    Route::get('/applications', [ApplicationsController::class, 'applications'])->middleware(['api.ability:read']);
+    Route::post('/applications/public', [ApplicationsController::class, 'create_public_application'])->middleware(['api.ability:write']);
+    Route::post('/applications/private-github-app', [ApplicationsController::class, 'create_private_gh_app_application'])->middleware(['api.ability:write']);
+    Route::post('/applications/private-deploy-key', [ApplicationsController::class, 'create_private_deploy_key_application'])->middleware(['api.ability:write']);
+    Route::post('/applications/dockerfile', [ApplicationsController::class, 'create_dockerfile_application'])->middleware(['api.ability:write']);
+    Route::post('/applications/dockerimage', [ApplicationsController::class, 'create_dockerimage_application'])->middleware(['api.ability:write']);
+    Route::post('/applications/dockercompose', [ApplicationsController::class, 'create_dockercompose_application'])->middleware(['api.ability:write']);
 
-    Route::get('/applications/{uuid}', [ApplicationsController::class, 'application_by_uuid'])->middleware(['ability:read']);
-    Route::patch('/applications/{uuid}', [ApplicationsController::class, 'update_by_uuid'])->middleware(['ability:write']);
-    Route::delete('/applications/{uuid}', [ApplicationsController::class, 'delete_by_uuid'])->middleware(['ability:write']);
+    Route::get('/applications/{uuid}', [ApplicationsController::class, 'application_by_uuid'])->middleware(['api.ability:read']);
+    Route::patch('/applications/{uuid}', [ApplicationsController::class, 'update_by_uuid'])->middleware(['api.ability:write']);
+    Route::delete('/applications/{uuid}', [ApplicationsController::class, 'delete_by_uuid'])->middleware(['api.ability:write']);
 
-    Route::get('/applications/{uuid}/envs', [ApplicationsController::class, 'envs'])->middleware(['ability:read']);
-    Route::post('/applications/{uuid}/envs', [ApplicationsController::class, 'create_env'])->middleware(['ability:write']);
-    Route::patch('/applications/{uuid}/envs/bulk', [ApplicationsController::class, 'create_bulk_envs'])->middleware(['ability:write']);
-    Route::patch('/applications/{uuid}/envs', [ApplicationsController::class, 'update_env_by_uuid'])->middleware(['ability:write']);
-    Route::delete('/applications/{uuid}/envs/{env_uuid}', [ApplicationsController::class, 'delete_env_by_uuid'])->middleware(['ability:write']);
+    Route::get('/applications/{uuid}/envs', [ApplicationsController::class, 'envs'])->middleware(['api.ability:read']);
+    Route::post('/applications/{uuid}/envs', [ApplicationsController::class, 'create_env'])->middleware(['api.ability:write']);
+    Route::patch('/applications/{uuid}/envs/bulk', [ApplicationsController::class, 'create_bulk_envs'])->middleware(['api.ability:write']);
+    Route::patch('/applications/{uuid}/envs', [ApplicationsController::class, 'update_env_by_uuid'])->middleware(['api.ability:write']);
+    Route::delete('/applications/{uuid}/envs/{env_uuid}', [ApplicationsController::class, 'delete_env_by_uuid'])->middleware(['api.ability:write']);
     // Route::post('/applications/{uuid}/execute', [ApplicationsController::class, 'execute_command_by_uuid'])->middleware(['ability:write']);
 
-    Route::match(['get', 'post'], '/applications/{uuid}/start', [ApplicationsController::class, 'action_deploy'])->middleware(['ability:write']);
-    Route::match(['get', 'post'], '/applications/{uuid}/restart', [ApplicationsController::class, 'action_restart'])->middleware(['ability:write']);
-    Route::match(['get', 'post'], '/applications/{uuid}/stop', [ApplicationsController::class, 'action_stop'])->middleware(['ability:write']);
+    Route::match(['get', 'post'], '/applications/{uuid}/start', [ApplicationsController::class, 'action_deploy'])->middleware(['api.ability:write']);
+    Route::match(['get', 'post'], '/applications/{uuid}/restart', [ApplicationsController::class, 'action_restart'])->middleware(['api.ability:write']);
+    Route::match(['get', 'post'], '/applications/{uuid}/stop', [ApplicationsController::class, 'action_stop'])->middleware(['api.ability:write']);
 
-    Route::get('/databases', [DatabasesController::class, 'databases'])->middleware(['ability:read']);
-    Route::post('/databases/postgresql', [DatabasesController::class, 'create_database_postgresql'])->middleware(['ability:write']);
-    Route::post('/databases/mysql', [DatabasesController::class, 'create_database_mysql'])->middleware(['ability:write']);
-    Route::post('/databases/mariadb', [DatabasesController::class, 'create_database_mariadb'])->middleware(['ability:write']);
-    Route::post('/databases/mongodb', [DatabasesController::class, 'create_database_mongodb'])->middleware(['ability:write']);
-    Route::post('/databases/redis', [DatabasesController::class, 'create_database_redis'])->middleware(['ability:write']);
-    Route::post('/databases/clickhouse', [DatabasesController::class, 'create_database_clickhouse'])->middleware(['ability:write']);
-    Route::post('/databases/dragonfly', [DatabasesController::class, 'create_database_dragonfly'])->middleware(['ability:write']);
-    Route::post('/databases/keydb', [DatabasesController::class, 'create_database_keydb'])->middleware(['ability:write']);
+    Route::get('/databases', [DatabasesController::class, 'databases'])->middleware(['api.ability:read']);
+    Route::post('/databases/postgresql', [DatabasesController::class, 'create_database_postgresql'])->middleware(['api.ability:write']);
+    Route::post('/databases/mysql', [DatabasesController::class, 'create_database_mysql'])->middleware(['api.ability:write']);
+    Route::post('/databases/mariadb', [DatabasesController::class, 'create_database_mariadb'])->middleware(['api.ability:write']);
+    Route::post('/databases/mongodb', [DatabasesController::class, 'create_database_mongodb'])->middleware(['api.ability:write']);
+    Route::post('/databases/redis', [DatabasesController::class, 'create_database_redis'])->middleware(['api.ability:write']);
+    Route::post('/databases/clickhouse', [DatabasesController::class, 'create_database_clickhouse'])->middleware(['api.ability:write']);
+    Route::post('/databases/dragonfly', [DatabasesController::class, 'create_database_dragonfly'])->middleware(['api.ability:write']);
+    Route::post('/databases/keydb', [DatabasesController::class, 'create_database_keydb'])->middleware(['api.ability:write']);
 
-    Route::get('/databases/{uuid}', [DatabasesController::class, 'database_by_uuid'])->middleware(['ability:read']);
-    Route::patch('/databases/{uuid}', [DatabasesController::class, 'update_by_uuid'])->middleware(['ability:write']);
-    Route::delete('/databases/{uuid}', [DatabasesController::class, 'delete_by_uuid'])->middleware(['ability:write']);
+    Route::get('/databases/{uuid}', [DatabasesController::class, 'database_by_uuid'])->middleware(['api.ability:read']);
+    Route::patch('/databases/{uuid}', [DatabasesController::class, 'update_by_uuid'])->middleware(['api.ability:write']);
+    Route::delete('/databases/{uuid}', [DatabasesController::class, 'delete_by_uuid'])->middleware(['api.ability:write']);
 
-    Route::match(['get', 'post'], '/databases/{uuid}/start', [DatabasesController::class, 'action_deploy'])->middleware(['ability:write']);
-    Route::match(['get', 'post'], '/databases/{uuid}/restart', [DatabasesController::class, 'action_restart'])->middleware(['ability:write']);
-    Route::match(['get', 'post'], '/databases/{uuid}/stop', [DatabasesController::class, 'action_stop'])->middleware(['ability:write']);
+    Route::match(['get', 'post'], '/databases/{uuid}/start', [DatabasesController::class, 'action_deploy'])->middleware(['api.ability:write']);
+    Route::match(['get', 'post'], '/databases/{uuid}/restart', [DatabasesController::class, 'action_restart'])->middleware(['api.ability:write']);
+    Route::match(['get', 'post'], '/databases/{uuid}/stop', [DatabasesController::class, 'action_stop'])->middleware(['api.ability:write']);
 
-    Route::get('/services', [ServicesController::class, 'services'])->middleware(['ability:read']);
-    Route::post('/services', [ServicesController::class, 'create_service'])->middleware(['ability:write']);
+    Route::get('/services', [ServicesController::class, 'services'])->middleware(['api.ability:read']);
+    Route::post('/services', [ServicesController::class, 'create_service'])->middleware(['api.ability:write']);
 
-    Route::get('/services/{uuid}', [ServicesController::class, 'service_by_uuid'])->middleware(['ability:read']);
+    Route::get('/services/{uuid}', [ServicesController::class, 'service_by_uuid'])->middleware(['api.ability:read']);
     // Route::patch('/services/{uuid}', [ServicesController::class, 'update_by_uuid'])->middleware(['ability:write']);
-    Route::delete('/services/{uuid}', [ServicesController::class, 'delete_by_uuid'])->middleware(['ability:write']);
+    Route::delete('/services/{uuid}', [ServicesController::class, 'delete_by_uuid'])->middleware(['api.ability:write']);
 
-    Route::get('/services/{uuid}/envs', [ServicesController::class, 'envs'])->middleware(['ability:read']);
-    Route::post('/services/{uuid}/envs', [ServicesController::class, 'create_env'])->middleware(['ability:write']);
-    Route::patch('/services/{uuid}/envs/bulk', [ServicesController::class, 'create_bulk_envs'])->middleware(['ability:write']);
-    Route::patch('/services/{uuid}/envs', [ServicesController::class, 'update_env_by_uuid'])->middleware(['ability:write']);
-    Route::delete('/services/{uuid}/envs/{env_uuid}', [ServicesController::class, 'delete_env_by_uuid'])->middleware(['ability:write']);
+    Route::get('/services/{uuid}/envs', [ServicesController::class, 'envs'])->middleware(['api.ability:read']);
+    Route::post('/services/{uuid}/envs', [ServicesController::class, 'create_env'])->middleware(['api.ability:write']);
+    Route::patch('/services/{uuid}/envs/bulk', [ServicesController::class, 'create_bulk_envs'])->middleware(['api.ability:write']);
+    Route::patch('/services/{uuid}/envs', [ServicesController::class, 'update_env_by_uuid'])->middleware(['api.ability:write']);
+    Route::delete('/services/{uuid}/envs/{env_uuid}', [ServicesController::class, 'delete_env_by_uuid'])->middleware(['api.ability:write']);
 
-    Route::match(['get', 'post'], '/services/{uuid}/start', [ServicesController::class, 'action_deploy'])->middleware(['ability:write']);
-    Route::match(['get', 'post'], '/services/{uuid}/restart', [ServicesController::class, 'action_restart'])->middleware(['ability:write']);
-    Route::match(['get', 'post'], '/services/{uuid}/stop', [ServicesController::class, 'action_stop'])->middleware(['ability:write']);
+    Route::match(['get', 'post'], '/services/{uuid}/start', [ServicesController::class, 'action_deploy'])->middleware(['api.ability:write']);
+    Route::match(['get', 'post'], '/services/{uuid}/restart', [ServicesController::class, 'action_restart'])->middleware(['api.ability:write']);
+    Route::match(['get', 'post'], '/services/{uuid}/stop', [ServicesController::class, 'action_stop'])->middleware(['api.ability:write']);
 });
 
 Route::group([