The API applies an access policy that is common and easy to understand, so you do not need to learn a complex ACL to handle permissions properly in your Rest client.
There is just a simple thing to learn: All authenticated users are regular users, administrators and space managers have some privileges.
Space manager
When a user creates a space, he is the space manager by default. The space manager has some privileges:
Add users to the space.
Remove users from the space.
Read all memberships of the space.
Regular users can leave spaces and can join open spaces.
You can check who is the manager of a specified space:
GET /v1/social/spaces/{space_id}/users?role=managerPlatform Administrators
Members of /platform/administrators have some privileges:
Create and (logically) delete users.
CRUD any relationship (regular users can only do with their own relationships).
Read activities of any user.
Update any space.
CRUD any space membership.
Currently there is no Rest API to directly check if the authenticated user is an administrator.