Permissions

Permissions are managed through tokens. There are two main token types available for use within your project.

pageClient credential token pageImplicit token

Customer tokens can be used with an Implicit Bearer token to manage user interfaces that involved sensitive data the user may need to access or modify such as reading orders, addresses and customer details.

pageCustomer Tokens

Breakdown of access

A breakdown of the access given by the token can be seen in the following table.

Endpoint

Read access

Write access

/brands

✅

/carts

✅

/categories

✅

/checkout

✅

/collections

✅

/currencies

✅

/customers

✅

/customers/addresses

✅

/files

✅

/flows

✅

/integrations

✅

/orders

✅

/payment-gateways

✅

/products

✅

/variations

✅

/promotions

✅

/settings

✅

/jobs

✅

The table below shows a breakdown of which API endpoint actions are available to this token type. Note that you can only fetch data with live status.

Endpoint

Read access

Write access

/brands

✅

⛔️

/carts

✅

/categories

✅

⛔️

/checkout

✅

/collections

✅

⛔️

/currencies

✅

⛔️

/customers

⛔️

/customers/addresses

⛔️

/files

✅

⛔️

/flows

✅

⛔️

/integrations

⛔️

/orders

⛔️

/payment-gateways

⛔️

/products

✅

⛔️

/variations

⛔️

/promotions

⛔️

/settings

⛔️

/jobs

⛔️

Endpoint

Read access

Write access

/brands

✅

⛔️

/carts

✅

/categories

✅

⛔️

/checkout

✅

/collections

✅

⛔️

/currencies

✅

⛔️

/customers

✅

/customers/addresses

✅

/files

✅

⛔️

/flows

✅

⛔️

/integrations

⛔️

/orders

✅

⛔️

/payment-gateways

⛔️

/products

✅

⛔️

/promotions

⛔️

/settings

⛔️

/jobs

⛔️

PreviousCustomer token NextContent Type

Last updated 4 years ago