PRIVATE-TOKEN in the header
For groups where the authorized user does have the required permissions (maintainer in the example above), the query is also return subgroups for which the user does not have the required permissions. e.g. When the user has maintainer to group foo, but developer to group foo/bar, the query is returning foo/bar as one of the results of the min_access_level filtered query.
The way the docs are written, this sounds like a bug. Shouldn’t the query results include only groups/sub-groups for which the user has equal or greater permissions than those designated in the min_access_level parameter?