Feature Updates: API Key Access for Non-Store Owners Now Available!
With the growing workload of BigCommerce store owners and developers, establishing permissions to generate API keys that are used to install apps and complete other integrations saves time and increases store security.
To that end, we’re excited to announce that now, available to all stores, store owners can now establish user permissions that will grant non-Store Owner’s access to create and manage store level API accounts, including API key access.
Why change these API account permissions?
As a store owner, you want to be able to give API account permissions to developers or agencies that you hire so they can perform custom development on your store. With our new permissions settings, store owners can now allow other users to create API Keys. Only users with store owner permissions will be able to share the access needed to create API tokens and this does not escalate privileges for the users themselves.
Non-store owner API key access typically has limitations and restrictions to ensure the security and privacy of the store’s data. For example, the API key may only allow access to specific data or functionality.
To mitigate risk, this new functionality will come with a set of warnings and protections like:
- Only store owners can assign and grant these permissions to other users. Permission granting is not inherited by any user accounts.
- It’s highly recommended for store owners and the designated recipients of this permission to have 2FA set up.
Why Would I Use Non-Store Owner API Key Access?
Why would you want to use non-store owner API keys access? Non-store owner API key access is a useful tool for enabling integration and collaboration between online stores and third-party applications or services. A great use case is for store owners who want to give developers access to work on API tokens connected to like an app to ease the development process.
Store owners who grant non-store owner API key access will be able to provide access to users of their choice and view, create, edit, and delete permissions and delegate the token creation functionality to a user of their choice This makes managing who has access to your store super easy.
I’m interested! What’s next?
To learn more about non-store owner API key access and other API account permissions, please check out our Knowledge Base article!
If you still have questions, comment on this article or tweet at us, or send our DevRel team an email!
