diff --git a/server/src/api_endpoints/clients/permissions.js b/server/src/api_endpoints/clients/permissions.js
index c330f08..f71f0c8 100644
--- a/server/src/api_endpoints/clients/permissions.js
+++ b/server/src/api_endpoints/clients/permissions.js
@@ -27,6 +27,27 @@ const createPermission = async (req, res, next) => {
   }
 }
 
+/**
+ * HTTP Request handler
+ * Get a list of permissions for a client
+ *
+ * @param {Object} req - The request object
+ * @param {Object} res - The response object to send a 200 status code and the list of permissions
+ * @param {Function} next - The next middleware function
+ * @returns {Promise<void>} - A Promise that resolves to void when permissions are retrieved
+ */
+const getClientPermissions = async (req, res, next) => {
+  try {
+    const { client_id: clientId } = req.params
+    await checkClientExists(clientId)
+    const permissions = await dbAdminPermission.getPermissions({ clientId })
+    res.status(200).send(permissions)
+  } catch ({ httpStatusCode = 500, message }) {
+    return next(createError(httpStatusCode, { message }))
+  }
+}
+
 module.exports = {
   createPermission,
+  getClientPermissions,
 }
diff --git a/server/the-usher-openapi-spec.yaml b/server/the-usher-openapi-spec.yaml
index fbfe6f5..0df87c2 100644
--- a/server/the-usher-openapi-spec.yaml
+++ b/server/the-usher-openapi-spec.yaml
@@ -1139,6 +1139,39 @@ paths:
           $ref: '#/components/responses/InternalError'
         503:
           $ref: '#/components/responses/ServiceUnavailableError'
+    get:
+      'x-swagger-router-controller': 'clients/permissions'
+      operationId: getClientPermissions
+      summary: Get a list of permissions for a client
+      tags:
+        - Client Admin APIs
+      security:
+        - bearerAdminAuth: []
+        - bearerClientAdminAuth: []
+      responses:
+        200:
+          description: List of permissions for a client
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  allOf:
+                    - $ref: '#/components/schemas/PermissionObject'
+                    - type: object
+                      properties:
+                        client_id: 
+                          type: string
+        400:
+          $ref: '#/components/responses/BadRequest'
+        401:
+          $ref: '#/components/responses/Unauthorized'
+        404:
+          $ref: '#/components/responses/NotFound'
+        500:
+          $ref: '#/components/responses/InternalError'
+        503:
+          $ref: '#/components/responses/ServiceUnavailableError'
 
   /sessions:
     delete: