Index: TFP-WebServer/WebServer/src/WebAPI/APIs/Permissions/Blacklist.cs
===================================================================
--- TFP-WebServer/WebServer/src/WebAPI/APIs/Permissions/Blacklist.cs	(revision 462)
+++ TFP-WebServer/WebServer/src/WebAPI/APIs/Permissions/Blacklist.cs	(revision 485)
@@ -100,5 +100,5 @@
 			}
 
-			if (PlatformUserIdentifierAbs.TryFromCombinedString (id, out _userId)) {
+			if (!PlatformUserIdentifierAbs.TryFromCombinedString (id, out _userId)) {
 				SendEmptyResponse (_context, HttpStatusCode.BadRequest, _jsonInputData, "INVALID_USER");
 				return false;
Index: TFP-WebServer/WebServer/src/WebAPI/APIs/Permissions/CommandPermissions.openapi.yaml
===================================================================
--- TFP-WebServer/WebServer/src/WebAPI/APIs/Permissions/CommandPermissions.openapi.yaml	(revision 462)
+++ TFP-WebServer/WebServer/src/WebAPI/APIs/Permissions/CommandPermissions.openapi.yaml	(revision 485)
@@ -55,5 +55,5 @@
 
 paths:
-  /api/commandpermission:
+  /api/commandpermissions:
     get:
       tags:
@@ -85,5 +85,5 @@
 
 
-  /api/commandpermission/{command}:
+  /api/commandpermissions/{command}:
 #    get:
 #      tags:
Index: TFP-WebServer/WebServer/src/WebAPI/APIs/Permissions/RegisterUser.cs
===================================================================
--- TFP-WebServer/WebServer/src/WebAPI/APIs/Permissions/RegisterUser.cs	(revision 462)
+++ TFP-WebServer/WebServer/src/WebAPI/APIs/Permissions/RegisterUser.cs	(revision 485)
@@ -83,6 +83,6 @@
 				// Username already exists
 
-				if (!PlatformUserIdentifierAbs.Equals (existingMapping.PlatformUser, regData.PlatformUserId) ||
-				    !PlatformUserIdentifierAbs.Equals (existingMapping.CrossPlatformUser, regData.CrossPlatformUserId)) {
+				if (!Equals (existingMapping.PlatformUser, regData.PlatformUserId) ||
+				    !Equals (existingMapping.CrossPlatformUser, regData.CrossPlatformUserId)) {
 					// Username already in use by another player
 					SendEmptyResponse (_context, HttpStatusCode.Unauthorized, _jsonInputData, "DUPLICATE_USERNAME");
Index: TFP-WebServer/WebServer/src/WebAPI/APIs/Permissions/WebModules.openapi.yaml
===================================================================
--- TFP-WebServer/WebServer/src/WebAPI/APIs/Permissions/WebModules.openapi.yaml	(revision 462)
+++ TFP-WebServer/WebServer/src/WebAPI/APIs/Permissions/WebModules.openapi.yaml	(revision 485)
@@ -59,11 +59,22 @@
             type: object
             properties:
-              secret:
-                string
-              permissionLevel:
+              permissionLevelGlobal:
                 type: integer
+                description: Permission level for the overall module
+              permissionLevelPerMethod:
+                type: object
+                properties:
+                  GET:
+                    $ref: '#/components/schemas/TypeWebMethodPermissionEntry'
+                  POST:
+                    $ref: '#/components/schemas/TypeWebMethodPermissionEntry'
+                  PUT:
+                    $ref: '#/components/schemas/TypeWebMethodPermissionEntry'
+                  DELETE:
+                    $ref: '#/components/schemas/TypeWebMethodPermissionEntry'
+                description: Permission levels per HTTP method
             required:
-              - secret
-              - permissionLevel
+              - permissionLevelGlobal
+              - permissionLevelPerMethod
       required: true