30 N/A 0000

We added the ability restrict user access to either just the administration panel, the API, or both

If you are a developer and you want to create a user account for a specific program which connects through the API, you can improve system security by limiting its ability to log into the panel. You may also want to restrict API access for your employees, for example by disabling the option to download the product database. In user management you can now find the option to restrict user access to either the administration panel or API.

The new functionality allows you to, for example, create a developer user account and give it access only to the IdoSell Shop API. This way an external company which requires API access in order to integrate their system will not be able to log in to the administration panel of your online store. If you use supporting applications, it is also worth restricting their user account access to API only.

To use this new functionality, go to ADMINISTRATION / Panel users management. In the panel user edit form you will find a new option "Active", which allows you to manage user access to the panel and IdoSell Shop API:

The user with the role of a "chief" always has access to both the panel and API. "IAI POS cashier" always has API access enabled.

What is more, there is a new option in "List of Panel users" - additional column "Active", which allows you to quickly check access levels for each user:

Security tips:

We encourage you to check previously created user accounts and disable API access for those users who do not specifically need it (and do not use supporting applications such as IAI Downloader). We strongly recommend restricting access to the administration panel whenever you create user account for a partner (e.g. a logistics center).

Remember that an external company for which you create a user account with too many rights, instead of just downloading information about parcels, can handle orders just like one of your employees. API access should only be granted if you fully trust the company which will use it. In other cases you should make use of other mechanisms of integration designed specifically for this purpose, ensuring a greater level of security.

Remember to always remove panel users when you are unsure whether they need access. No security will help if a user (e.g. a former employee) logs into an account in the administration panel they still have access to. That is why, you should create a separate account for each user. IdoSell Shop allows you to create as many user accounts as you need at no extra cost.