diff --git a/internal/domain/models.go b/internal/domain/models.go
index cbcd475..9141f4b 100644
--- a/internal/domain/models.go
+++ b/internal/domain/models.go
@@ -113,6 +113,7 @@ type VerifyRequest struct {
 // VerifyResponse represents a token verification response
 type VerifyResponse struct {
 Valid bool `json:"valid"`
+ Permitted bool `json:"permitted"`
 UserID string `json:"user_id,omitempty"`
 Permissions []string `json:"permissions"`
 PermissionResults map[string]bool `json:"permission_results,omitempty"`
diff --git a/internal/services/token_service.go b/internal/services/token_service.go
index d877235..197f933 100644
--- a/internal/services/token_service.go
+++ b/internal/services/token_service.go
@@ -211,8 +211,9 @@ func (s *tokenService) VerifyToken(ctx context.Context, req *domain.VerifyReques
 // Validate request
 if req.Token == "" {
 return &domain.VerifyResponse{
- Valid: false,
- Error: "Token is required",
+ Valid: false,
+ Permitted: false,
+ Error: "Token is required",
 }, nil
 }
 
@@ -221,8 +222,9 @@ func (s *tokenService) VerifyToken(ctx context.Context, req *domain.VerifyReques
 if err != nil {
 s.logger.Error("Failed to get application", zap.Error(err), zap.String("app_id", req.AppID))
 return &domain.VerifyResponse{
- Valid: false,
- Error: "Invalid application",
+ Valid: false,
+ Permitted: false,
+ Error: "Invalid application",
 }, nil
 }
 
@@ -233,8 +235,9 @@ func (s *tokenService) VerifyToken(ctx context.Context, req *domain.VerifyReques
 return s.verifyUserToken(ctx, req, app)
 default:
 return &domain.VerifyResponse{
- Valid: false,
- Error: "Invalid token type",
+ Valid: false,
+ Permitted: false,
+ Error: "Invalid token type",
 }, nil
 }
 }
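Review bot: The new `Permitted` field on `VerifyResponse` has no comment, and its relation to `Valid` is the one thing a caller must get right: a token can come back `Valid: true` with `Permitted: false`, and only `Permitted` says whether the permissions in the request were granted. Add a field comment such as `// Permitted is true only when the token is valid and every permission listed in VerifyRequest.Permissions is granted; with no permissions requested it follows Valid.` and note in the `VerifyResponse` doc comment that authorization decisions must read `Permitted`, never `Valid` alone. The field deliberately has no `omitempty`, so a deny is always serialized as `"permitted": false` rather than omitted; a short comment saying so keeps the tag from being "tidied" later. The explicit `Permitted: false` in every error branch of the token_service.go hunks is the zero value and therefore redundant, but it makes the denial visible at each return, which is acceptable.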
@@ -247,8 +250,9 @@ func (s *tokenService) verifyStaticToken(ctx context.Context, req *domain.Verify
 if !crypto.IsValidTokenFormat(req.Token) {
 s.logger.Warn("Invalid token format", zap.String("app_id", req.AppID))
 return &domain.VerifyResponse{
- Valid: false,
- Error: "Invalid token format",
+ Valid: false,
+ Permitted: false,
+ Error: "Invalid token format",
 }, nil
 }
 
@@ -257,8 +261,9 @@ func (s *tokenService) verifyStaticToken(ctx context.Context, req *domain.Verify
 if err != nil {
 s.logger.Error("Failed to get tokens for app", zap.Error(err), zap.String("app_id", req.AppID))
 return &domain.VerifyResponse{
- Valid: false,
- Error: "Token verification failed",
+ Valid: false,
+ Permitted: false,
+ Error: "Token verification failed",
 }, nil
 }
 
@@ -273,8 +278,9 @@ func (s *tokenService) verifyStaticToken(ctx context.Context, req *domain.Verify
 if matchedToken == nil {
 s.logger.Warn("Token not found or invalid", zap.String("app_id", req.AppID))
 return &domain.VerifyResponse{
- Valid: false,
- Error: "Invalid token",
+ Valid: false,
+ Permitted: false,
+ Error: "Invalid token",
 }, nil
 }
 
@@ -283,31 +289,45 @@ func (s *tokenService) verifyStaticToken(ctx context.Context, req *domain.Verify
 if err != nil {
 s.logger.Error("Failed to get token permissions", zap.Error(err), zap.String("token_id", matchedToken.ID.String()))
 return &domain.VerifyResponse{
- Valid: false,
- Error: "Failed to retrieve permissions",
+ Valid: false,
+ Permitted: false,
+ Error: "Failed to retrieve permissions",
 }, nil
 }
 
 // Check specific permissions if requested
 var permissionResults map[string]bool
+ var permitted bool = true // Default to true if no specific permissions requested
+
 if len(req.Permissions) > 0 {
 permissionResults, err = s.grantRepo.HasAnyPermission(ctx, domain.TokenTypeStatic, matchedToken.ID, req.Permissions)
 if err != nil {
 s.logger.Error("Failed to check specific permissions", zap.Error(err))
 return &domain.VerifyResponse{
- Valid: false,
- Error: "Failed to check permissions",
+ Valid: false,
+ Permitted: false,
+ Error: "Failed to check permissions",
 }, nil
 }
+
+ // Check if all requested permissions are granted
+ for _, requestedPerm := range req.Permissions {
+ if hasPermission, exists := permissionResults[requestedPerm]; !exists || !hasPermission {
+ permitted = false
+ break
+ }
+ }
 }
 
 s.logger.Info("Static token verified successfully",
 zap.String("token_id", matchedToken.ID.String()),
 zap.String("app_id", req.AppID),
- zap.Strings("permissions", permissions))
+ zap.Strings("permissions", permissions),
+ zap.Bool("permitted", permitted))
 
 return &domain.VerifyResponse{
 Valid: true,
+ Permitted: permitted,
 Permissions: permissions,
 PermissionResults: permissionResults,
 TokenType: domain.TokenTypeStatic,
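Review bot: `permitted` starts out true, so a valid static token with an empty `req.Permissions` is reported `Permitted: true` — a caller that reads only `Permitted` and never populates `Permissions` is allowed through, and the `// Default to true ...` comment records the behavior without saying whether that is the intended contract; either document it as deliberate on the response field or require callers that want an authorization answer to request at least one permission. The loop's `!exists || !hasPermission` correctly treats a key missing from `permissionResults` as a denial, which matters because the helper is named `HasAnyPermission` while this code requires all of them; a comment such as `// require every requested permission; a key absent from the result counts as denied` would stop a later change to the helper's contract from silently loosening the check. Style: `var permitted bool = true` should be `permitted := true`.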
@@ -321,8 +341,9 @@ func (s *tokenService) verifyUserToken(ctx context.Context, req *domain.VerifyRe
 // TODO: Implement JWT token verification
 // For now, return an error since user tokens are not fully implemented
 return &domain.VerifyResponse{
- Valid: false,
- Error: "User token verification not yet implemented",
+ Valid: false,
+ Permitted: false,
+ Error: "User token verification not yet implemented",
 }, nil
 }
diff --git a/server b/server
index 8847648..e91a7ec 100755
Binary files a/server and b/server differ
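Review bot: The commit also rewrites the compiled `server` executable (mode 100755, `Binary files a/server and b/server differ`), which cannot be reviewed, will drift from the source it was built from, and becomes a supply-chain risk if anyone deploys it instead of a build produced from the reviewed code. Drop it from the commit, add `server` to `.gitignore`, and let the CI pipeline build the binary from source.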