handle Multiple organization in one project and different role in every organization

[hassanascend]

My structure is like we have One project in that project we have multiple organization and one user can have different role in every organization user just switch organization then we fetch new permission from server side and add those permission in local storage at our react side.

Now we want to use permission at API end also when user access api we have to see either that use can access that api or not. What is the best practice to do and one more thing some time we need to use multiple api's to perform one action for example to update user we need to hit two api's first one to fetch user data then we hit update api to update user so do we need to give access for both api as different permission ?