diff --git a/src/ti-auth.js b/src/ti-auth.js
index 360872b..cde48b9 100644
--- a/src/ti-auth.js
+++ b/src/ti-auth.js
@@ -31,6 +31,12 @@ const TiAuth = {
     }
     retrieve_user(resolve);
   },
+  loadGrants(resolve) {
+    API.get(TiAuth.API_URL + '/api/v1/grants',
+      (response) => { resolve.call(null, response.grants[0].controls); },
+      Auth.unauthorize
+    );
+  },
   reauthorize() {
     Auth.unauthorize();
   },
diff --git a/test/ti-auth_test.js b/test/ti-auth_test.js
index 7187b2a..5f64e22 100644
--- a/test/ti-auth_test.js
+++ b/test/ti-auth_test.js
@@ -73,6 +73,39 @@ describe('TiAuth', () => {
     }));
   });
 
+  describe('#loadGrants', () => {
+    it('makes correct request to API', test(function() {
+      this.mock(API).expects('get').withArgs('https://api.test/api/v1/grants');
+      TiAuth.loadGrants(noop);
+    }));
+
+    it('resolves with parsed Grants on success', test(function() {
+      const api_mock = {
+        grants: [{
+          user: 'foo@bar.com',
+          admin: true,
+          controls: [{
+            oneThing: true
+          }, {
+            andAnother: false
+          }]
+        }]
+      };
+      const stub = spy();
+      this.stub(API, 'get', (url, success) => { success(api_mock); });
+      TiAuth.loadGrants(stub);
+      assert.calledWith(stub, api_mock.grants[0].controls);
+    }));
+
+    it('unauthorizes if request to API failed', test(function() {
+      this.stub(API, 'get', (url, _, error) => { error('Nope.'); });
+      const stub = spy();
+      this.stub(Authentication, 'unauthorize', stub);
+      TiAuth.loadGrants();
+      assert.calledOnce(stub);
+    }));
+  });
+
   describe('#reauthorize', () => {
     it('delegates to Authentication#unauthorize', test(function() {
       const stub = spy();