Services are a set of specific operations exposed as a Web API. Typically services are small, highly decoupled and focus on doing a small task. Creating a service in Monarch can be as simple as specifying its name for reporting purposes. Optionally, you can use delegated access control, which allows Monarch to enforce authorization dynamically instead of having to perform this in your code.
Plans are used to limit the application traffic by the number of requests per minute, hour, day, or month (individually). When the application exceeds its quota, the API will return the appropriate error message. Plans also have an assigned price, which can be used for billing purposes or for display on your developer portal.
Permissions are used to secure services so that applications cannot invoke operations for which they are not authorized. Permissions can represent a specific action (e.g. Execute a transaction), or CRUD operations (create, read, update, delete) on a particular entity (e.g. Pet). In the case of 3-legged authorization schemes like OAuth, the user can control which permissions are delegated to the client. When the user is presented the option to authorize the 3rd party application, the user is presented a Message for each permission requested.
Messages are a way to create internationalized text in your services. Messages are also assigned to permissions for displaying a description of the permission to the user (e.g OAuth request for permissions). Messages can also be hierarchical, which is useful for breaking up permission descriptions or text into nested bullets.