
Overview

API keys use a permission-based scope system that controls access to specific endpoints and operations. Each API key can be configured with one or more scopes to limit access according to your integration needs.
API keys can be generated and scopes can be configured from your Komerza Dashboard.

Scope Categories

Store Management

Permission to view stores - Read access to store information, settings, and configuration. Required for most store-related read operations.
Permission to update stores - Modify store configuration, settings, branding, and operational parameters.
Permission to create new stores - Create new store instances. Typically used for multi-store applications or store management platforms.
Permission to view store analytics - Access store performance metrics, sales data, traffic statistics, and analytical insights.

Categories

Permission to view categories in stores - Read access to product categories, category hierarchy, and organization structure.
Permission to create new categories in stores - Add new product categories to organize your store catalog.
Permission to update categories in stores - Modify category information, reorganize hierarchy, and update category settings.
Permission to delete categories in stores - Remove categories from the store. Ensure products are reassigned before deleting categories.

Products & Inventory

Permission to view products in stores - Read access to product catalog, variants, pricing, and inventory information.
Permission to create new products in stores - Add new products to the store catalog, including variants and pricing.
Permission to update products in stores - Modify existing products, update pricing, inventory levels, and product details.
Permission to delete products in stores - Remove products from the store catalog. Use with caution as this action may affect order history.

Customer Management

Permission to view customers in stores - Access customer profiles, contact information, and purchase history.
Permission to create new customers in stores - Add new customer profiles to the store database.
Permission to update customers in stores - Modify customer information, update balances, and manage customer accounts.

Order Processing

Permission to view orders in stores - Access order information, payment status, and order history.
Permission to create orders - Process new orders, including payment processing and order creation.
Permission to deliver orders in stores - Mark orders as delivered, update tracking information, and manage fulfillment.
Permission to refund orders - Process refunds, partial refunds, and handle order cancellations.

Marketing & Promotions

Permission to view coupons in stores - Access coupon information, usage statistics, and discount configurations.
Permission to create new coupons in stores - Create discount codes, promotional campaigns, and coupon configurations.
Permission to update coupons in stores - Modify existing coupons, update discount amounts, and change validity periods.
Permission to delete coupons in stores - Remove coupons from the system. Active coupons should be disabled rather than deleted.

Affiliate Program

Permission to view affiliates in stores - Access affiliate information, commission data, and performance statistics.
Permission to update affiliates in stores - Modify affiliate settings, commission rates, and payout configurations.

Support & Communication

Permission to view tickets in stores - Access support tickets, customer inquiries, and communication history.
Permission to update tickets in stores - Respond to tickets, update ticket status, and manage customer support workflows.
Permission to delete tickets in stores - Remove tickets from the system. Consider archiving instead of deleting for audit purposes.
Permission to flag reviews in stores - Mark reviews as inappropriate, spam, or requiring moderation.

User Account & Platform

Permission to view user profile information - Access user account details, preferences, and profile information.
Permission to view enabled cryptocurrencies for a user - Access cryptocurrency payment settings and enabled payment methods.
This scope is deprecated and will be removed in future versions. Please avoid using it.

Webhooks & Integrations

Permission to view webhooks - Access webhook configurations, event subscriptions, and delivery logs.
Permission to manage webhooks: create - Set up new webhook endpoints and event subscriptions.
Permission to manage webhooks: update - Modify existing webhook configurations and event subscriptions.
Permission to manage webhooks: delete - Remove webhook endpoints and cancel event subscriptions.

Best Practices

Principle of Least Privilege

Only request the minimum scopes necessary for your application. This reduces security risks and makes it easier to audit API access.

Scope Planning

Plan your required scopes during the design phase of your integration. Consider:
  • Which resources you need to read vs. modify
  • Whether you need create/delete permissions
  • If your application handles sensitive customer data
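
The least-privilege and scope-planning advice above can be turned into a repeatable check. The following is an added example, not Komerza code: it derives the minimum scope set from the operations an integration performs and compares it with the scopes on a key. The `resource:action` labels are constructed placeholders (the real scope identifiers are not shown on this page), and the list of sensitive resources is an assumption.

```python
# Added example: scope labels are placeholders in a constructed "resource:action"
# form. The real Komerza scope identifiers are not shown on this page.
READ_ACTIONS = {"view"}
# Assumption: resources the page describes as holding customer data.
SENSITIVE_RESOURCES = {"customers", "orders", "tickets"}


def parse(scope):
    """Split a placeholder scope label into (resource, action)."""
    resource, sep, action = scope.partition(":")
    if not (resource and sep and action):
        raise ValueError(f"malformed scope label: {scope!r}")
    return resource, action


def plan_scopes(operations):
    """Derive the minimum scope set from (resource, action) pairs the integration performs."""
    return {f"{resource}:{action}" for resource, action in operations}


def audit(granted, required):
    """Compare the scopes on a key with the planned minimum."""
    granted, required = set(granted), set(required)
    excess = granted - required
    return {
        "missing": sorted(required - granted),
        "excess": sorted(excess),
        "excess_modify": sorted(s for s in excess if parse(s)[1] not in READ_ACTIONS),
        "sensitive_granted": sorted(s for s in granted if parse(s)[0] in SENSITIVE_RESOURCES),
    }


# Constructed sample: a reporting integration that only reads orders and products.
REQUIRED = plan_scopes([("orders", "view"), ("products", "view")])
GRANTED = {"orders:view", "products:view", "orders:refund", "customers:view", "products:delete"}

if __name__ == "__main__":
    for finding, scopes in audit(GRANTED, REQUIRED).items():
        print(f"{finding}: {scopes}")
```

Any entry under `excess` is a scope to remove from the key; entries under `excess_modify` are the ones to remove first, since they allow changes the integration never makes.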