Permission

From Creately Developer


The API has been designed to expose as many features as possible for you to use. At the same time, the Creately API's security module protects each individual user's data and controls who may or may not access it. The Creately API controls permissions at two different levels.



User Permissions

User permissions are the permissions that your Creately user account currently has. They take two forms:

  1. User Plan - All Creately users are assigned to a User Plan, which grants them different levels of privileges. This is how Creately manages different pay plans. All features and capabilities a user is able to access (or not access) in the Creately Application apply in the Creately API as well for that user.
  2. Access to Data - Every user in Creately has access to data that they created and own. The user also has access to data that is shared with them. Each resource (Document, Project, User or anything else) a user is able to access in the Creately Application will be accessible through the Creately API as well. Anything that a user cannot access through the Application will not be accessible through the Creately API.


Consumer Permissions

A consumer is an entity that utilises the Creately API for some purpose. Consumer permissions are controlled as follows.

Authentication Method

As you would have seen in the Authentication section, each API call is authenticated using either CT or SA. Some calls are restricted to only one of CT or SA. These controls are in place due to various security considerations. Each method specification will specify whether the method can use CT, SA or both as the authentication method. A method requiring only SA will not allow access to a consumer using CT (and vice versa).

Method Level Permission

This means each API method will either be open to everyone OR be controlled to have special permission requirements. This control is in place to restrict permission to specific Method calls that are not open to public usage. Each method specification will specify if the method requires a special permission to use. All methods that require special permission can only be authenticated through Service Authentication (SA). If you require permissions to one of the controlled API calls, Creately will need to specifically grant permission to your API Key to the specific method call.

User Control Restrictions

The security component also restricts access to a consumer based on which user the consumer can access and manage. These restrictions differ in each authentication method.

  • For a consumer using CT the limitations are quite straightforward. The consumer can only access data of the single account that is being used to access the API itself.
  • For a consumer using SA the limitations extend to the users created by the consumer using the Sign Up User method. The consumer will be able to access and manage any user accounts created by the consumer's API Key. NOTE: Creately will evaluate the consumer and have legal commitments on the usage of the API and user data prior to granting access to the API.
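
The three consumer checks above (Authentication Method, Method Level Permission, User Control Restrictions) can be read as a single decision function. The Python model below is an added illustration, not Creately's code: the method names, API key and user ids are hypothetical, and the user-level checks (User Plan, Access to Data) are assumed to be applied separately.

```python
from dataclasses import dataclass, field

CT, SA = "CT", "SA"  # the two authentication methods named on this page

@dataclass(frozen=True)
class MethodSpec:
    name: str
    auth_methods: frozenset           # subset of {CT, SA} the method accepts
    special_permission: bool = False  # controlled method, not open to everyone

@dataclass
class Consumer:
    api_key: str
    granted_methods: set = field(default_factory=set)  # special grants on this key
    created_users: set = field(default_factory=set)    # made via Sign Up User

def authorize(spec, consumer, auth, acting_user, target_user):
    """Return (allowed, reason) for one call, applying the checks in page order."""
    # 1. Authentication Method: the spec lists which of CT/SA it accepts.
    if auth not in spec.auth_methods:
        return False, "auth method not accepted by this method"
    # 2. Method Level Permission: controlled methods are SA-only and need a
    #    grant on the API Key for that specific method.
    if spec.special_permission:
        if auth != SA:
            return False, "special-permission methods require SA"
        if spec.name not in consumer.granted_methods:
            return False, "API key has no grant for this method"
    # 3. User Control Restrictions: CT sees only its own account; SA sees
    #    only the users created by this consumer's API Key.
    if auth == CT and target_user != acting_user:
        return False, "CT is limited to the authenticating account"
    if auth == SA and target_user not in consumer.created_users:
        return False, "SA is limited to users created by this API key"
    return True, "ok"

# Constructed sample data: method names, key and user ids are hypothetical.
GET_DOC = MethodSpec("get_document", frozenset({CT, SA}))
SET_PLAN = MethodSpec("set_user_plan", frozenset({SA}), special_permission=True)

def demo():
    partner = Consumer("key-A", created_users={"u1", "u2"})
    return [
        authorize(GET_DOC, partner, CT, "alice", "u1"),   # other account via CT
        authorize(GET_DOC, partner, SA, None, "u1"),      # user created by key
        authorize(SET_PLAN, partner, SA, None, "u1"),     # no grant on the key
    ]
```

Every check is deny-by-default and returns on the first failure, so a consumer that passes the authentication-method check still cannot reach an account outside its own scope.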

User Plan Management

Any API calls that involve managing Creately User Plans will have a special level of permission requirement. This permission will control what actions can be performed when managing user plans for Creately by a specific API Key. For further details on this please contact developer@creately.com.
