Hi,
Welcome to the community!
In fact, there’s no good way to do this. I believe that’s because of the underlying structure of permissions storage (altho that’s speculation, to be honest).
I think your best bet is to script an iteration of projects and for each project pull the groups that have permissions on it.
The best way to master the API is to perform the desired action via the UI and eavesdrop to see which calls the UI made to accomplish the action.
You may also find this guide helpful.
HTH,
Ann