API key usage for Customer type users

  • rui.rocha

    (@ruirocha)


    9 years, 2 months ago

    This may be a dumb question but should a “Customer” type user be able to create a product?

    I’m logged in with a customer, if I make an API call with a key that has write access (I only have one, admin) which would be the best option to control this? Do I forcibly need to verify if the user logged in is an admin or should I generate a new, read only permission, consumer_key each time a customer user is created, so I can relate the API usage with its consumer key and secret?

Viewing 1 replies (of 1 total)
  • Plugin Contributor Claudiu Lodromanean

    (@claudiulodro)

    9 years, 2 months ago

    Ideally, each user that needs to access the API would have their own API key with the appropriate permissions. If you have a logged-in user that needs to access the API, they should do so using an API key for their user. That’s why there’s a User field when making an API key! 🙂

    Why does every single customer need API access, though?

Viewing 1 replies (of 1 total)

The topic ‘API key usage for Customer type users’ is closed to new replies.