diff --git a/scripts/install b/scripts/install
index b0d5145..bc1d78d 100644
--- a/scripts/install
+++ b/scripts/install
@@ -170,6 +170,11 @@ then
 	ynh_permission_update --permission="main" --add="visitors"
 fi
 
+# Everyone can access the API part
+# We don't want to display the tile in the SSO so we put --show_tile="false"
+# And we don't want the YunoHost admin to be able to remove visitors group to this permission, so we put --protected="true"
+ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --show_tile="false" --protected="true"
+
 #=================================================
 # RELOAD NGINX
 #=================================================
diff --git a/scripts/upgrade b/scripts/upgrade
index 18d8108..c93cb9b 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -77,6 +77,11 @@ if ynh_legacy_permissions_exists; then
 	ynh_app_setting_delete --app=$app --key=is_public
 fi
 
+# Create a permission if needed
+if ! ynh_permission_exists --permission="api"; then
+	ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --show_tile="false" --protected="true"
+fi
+
 # Do not remove the file before the backup, to not fail the backup.
 # Remove old cron job
 ynh_secure_remove --file="/etc/cron.d/$app"