Permissions

Permissions are managed through tokens. There are two main token types available for use within your project.

Customer tokens can be used with an Implicit Bearer token to manage user interfaces that involve sensitive data the user may need to access or modify, such as reading orders, addresses and customer details.

Breakdown of access

Client Credentials
Implicit
Implicit + Customer Token

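Client Credentials

A breakdown of the access given by the token can be seen in the following table.

| Endpoint | Read access | Write access |
| --- | --- | --- |
| /brands | | |
| /carts | | |
| /categories | | |
| /checkout | | |
| /collections | | |
| /currencies | | |
| /customers | | |
| /customers/addresses | | |
| /files | | |
| /flows | | |
| /integrations | | |
| /orders | | |
| /payment-gateways | | |
| /products | | |
| /variations | | |
| /promotions | | |
| /settings | | |
| /jobs | | |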

Implicit

The table below shows a breakdown of which API endpoint actions are available to this token type. Note that you can only fetch data with live status.

| Endpoint | Read access | Write access |
| --- | --- | --- |
| /brands | | ⛔️ |
| /carts | | |
| /categories | | ⛔️ |
| /checkout | | |
| /collections | | ⛔️ |
| /currencies | | ⛔️ |
| /customers | ⛔️ | ⛔️ |
| /customers/addresses | ⛔️ | ⛔️ |
| /files | | ⛔️ |
| /flows | | ⛔️ |
| /integrations | ⛔️ | ⛔️ |
| /orders | ⛔️ | ⛔️ |
| /payment-gateways | ⛔️ | ⛔️ |
| /products | | ⛔️ |
| /variations | ⛔️ | ⛔️ |
| /promotions | ⛔️ | ⛔️ |
| /settings | ⛔️ | ⛔️ |
| /jobs | ⛔️ | ⛔️ |

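Implicit + Customer Token

| Endpoint | Read access | Write access |
| --- | --- | --- |
| /brands | | ⛔️ |
| /carts | | |
| /categories | | ⛔️ |
| /checkout | | |
| /collections | | ⛔️ |
| /currencies | | ⛔️ |
| /customers | | |
| /customers/addresses | | |
| /files | | ⛔️ |
| /flows | | ⛔️ |
| /integrations | ⛔️ | ⛔️ |
| /orders | | ⛔️ |
| /payment-gateways | ⛔️ | ⛔️ |
| /products | | ⛔️ |
| /promotions | ⛔️ | ⛔️ |
| /settings | ⛔️ | ⛔️ |
| /jobs | ⛔️ | ⛔️ |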