Menu
Feedback
Start here
Tutorials
Developer portal

Known Issues
Support Rules
Troubleshooting

Frequently Asked Questions
Announcements
News
Announcements
New appKeys will not have a predefined role
Photo of the author
PedroAntunesCosta
Published on 1/6/2021
Last update on 12/10/2021

The VTEX platform has a variety of REST APIs that are commonly used to integrate third-party solutions. You can access them using specific credentials.

Credentials for accessing REST APIs are composed of appKeys and appTokens. A pair of appKey and appToken can be considered as the user ID (used to identify who accesses the platform) and password.

For security reasons, you can only create this pair with a Sponsor user account.

What has changed?

Previously, after credentials were created, access was automatically assigned to the Owner (Admin Super) profile. From now on, new appKeys will not have any role assigned to them. Their assignment must be done in the same way as it is currently done for other users. For instructions, see the Editing users section in the article How to manage users.

For additional information about appKeys and appTokens, please access the Authentication article.

Why did we make this change?

This change was implemented for security reasons. Giving an application more permissions than it should have can increase the risk of unforeseen damages to the store, whether due to an error, malicious use or any other reason.

An application that uses an appKey should be given access only to the features for which it was developed. However, the Owner role enables virtually any action in the store due to its unrestricted access.

With this change, the role must be defined manually as the need arises, and permissions will be limited according to the selected profile.

For more information, please see the article Roles.

Was this helpful?
Yes
No
Suggest Edits (GitHub)
On this page
Still got questions?
Ask the community
Find solutions and share ideas in the VTEX community.
Join our community
Request support from VTEX
For personalized assistance, contact our experts.
Open a support ticket
GithubDeveloper portalCommunityFeedback