The VTEX platform has a variety of REST APIs that are commonly used to integrate third-party solutions. You can access them using specific credentials.

Credentials for accessing REST APIs are composed of appKeys and appTokens. A pair of appKey and appToken can be considered as the user ID (used to identify who accesses the platform) and password.

For security reasons, you can only create this pair with a Sponsor user account.

Previously, after credentials were created, access was automatically assigned to the Owner (Admin Super) profile. From now on, new appKeys will not have any role assigned to them. Their assignment must be done in the same way as it is currently done for other users. For instructions, see the Editing users section in the article How to manage users.

For additional information about appKeys and appTokens, please access the Authentication article.

This change was implemented for security reasons. Giving an application more permissions than it should have can increase the risk of unforeseen damages to the store, whether due to an error, malicious use or any other reason.

An application that uses an appKey should be given access only to the features for which it was developed. However, the Owner role enables virtually any action in the store due to its unrestricted access.

With this change, the role must be defined manually as the need arises, and permissions will be limited according to the selected profile.

For more information, please see the article Roles.