Authorization

GraphQL Access Token

An access token is a credential bound to a certain set of permissions. The set of permissions is decided when the token is generated. The application does not bind the token to any specific user, but it might be issued with a specific user in mind.

An access token has an obligatory expiration time, after which it no longer authorizes any requests.

Obtaining Access Token via AMS

For GraphQL access you need a user token with the correct permissions. This can be done in the AMS backend. Navigate to System -> Api Tokens and add a new token by clicking the + Integration API TOKEN button.

Here you can provide restrictions and select permissions and an expiration time. The requirements for generating a token are:

  • Providing description (it is a good practice to provide a description that allows unambiguous token identification)
  • At least one permission

Expiration time is optional - the default value equals 30 days.

Token Revocation

Access tokens can be revoked in the AMS when necessary. Navigate to System -> Api Tokens and select the token that you want to invalidate. This is when the good practice of naming tokens unambiguously pays off. When the token details are displayed, use the X Revoke button.

Authorizing Requests

One way to authorize the request is to provide an Authorization header:

POST *base*/graphql

Authorization: Bearer <access token>

CURL example:

curl "${BASE_URL}/graphql" \
    -X POST \
    -H "Authorization: Bearer ${ACCESS_TOKEN}" \
    -H "Content-Type: application/json" \
    -d '{"query":"{ __schema { types { name } } }"}'

Another way to authorize a request to the GraphQL API is to add a cookie named graphql-access with only the access token as its value.

POST *base*/graphql

Cookie: graphql-access=<access token>

CURL example:

curl "${BASE_URL}/graphql" \
    -X POST \
    -H "Cookie: graphql-access=${ACCESS_TOKEN}" \
    -H "Content-Type: application/json" \
    -d '{"query":"{ __schema { types { name } } }"}'

For instructions on how to attach a header or cookie in your API client refer to the client's documentation.

Permissions

The list of permissions is changing as new permissions are added to match new queries and mutations.

During your integration's initial tests in QA, it is worth noting all the information returned in extensions.permissionsUsed, so that you know exactly which permissions are required for the use cases covered by your integration. This way you can later use API tokens with minimal permissions when you move to Production, which we highly recommend. Running Production integrations on tokens with full admin permissions is considered bad practice and a potential security vulnerability.

If you call the API without required permissions, you will be informed about this explicitly:

Request:

{
  orderConnection(
    last: 10, before: "bnVtYmVyOjE2Ng==", where: {storeType: WHOLESALE}
  )
  {
    totalCount
    pageInfo{hasPreviousPage, hasNextPage, startCursor, endCursor}
    edges{
      node{
        number
        status
        grandTotal{
          value
          currency {code}
        }
        orderDate
      }
      cursor
    }
  }
}

Response:

{
  "errors": [
    {
      "message": "You need Order:read permission to access orderConnection.",
      "extensions": {
        "category": "authorization"
      },
      "locations": [
        {
          "line": 6,
          "column": 3
        }
      ],
      "path": [
        "orderConnection"
      ]
    }
  ],
  "extensions": {
    "complexity": 50,
    "permissionsUsed": [
      "Order:read"
    ]
  }
}

New, simplified permissions

In the upcoming Centra 3.7 version we will release changes simplifying permissions in the Integration API (GraphQL).

Previous convention

Most of the main types have a permission associated with them, like Product:read and Product:write. On top of that, relations between types were also secured separately. For example, Product.Brand:read would allow you to read brands associated with a product, but wouldn’t affect your ability to read other brands – for that there was Brand:read. This convention resulted in many granular permissions.

Why and what we change

Reason 1: Such granularity is not actually needed. If a token is granted the Account:read permission, that should be enough to read accounts from Invoice.account, Return.account, or SalesRepresentative.accounts. Thus, instead of Invoice.Account:read, Return.Account:read and SalesRepresentative.Account:read, there will be only one permission, Account:read. This will significantly reduce the number of permissions used and simplify their management.

Reason 2: Inconsistency of sub-permissions. Sometimes scalar fields are guarded, sometimes sub-types are guarded, but they look the same: Product.InternalComment:read (scalar) and Product.Attribute:read (type).
The new release will use the field name instead of the return type. The aforementioned permissions will become Product.attributes:read and Product.internalComment:read for attributes and internalComment.
It will also make clear which field is meant when two fields have the same return type. For example, the two different addresses get PurchaseOrder.shippingAddress:read and PurchaseOrder.supplierAddress:read instead of PurchaseOrder.Address:read for both. It also makes clear that Purchaser.Order:read is actually about Purchaser.totalOrders:read.

Reason 3: Currently, it’s not possible to secure the same type with separate permissions. The changes make this possible, as with shippingAddress and supplierAddress.

New convention

Nested permissions will be used only for:

  • Attributes
  • Internal comments
  • Stock
  • Addresses
  • Other sensitive information, like AdminUser.email

The second part of nested permissions will always match the field name.

Deprecated permission handling

The old permissions will still work for now but will be marked as deprecated. When a deprecated permission is used, a new section will appear in responses: extensions > deprecatedPermissionsUsed.

We will monitor the usage of the deprecated permissions to make sure they are no longer used before we delete them completely.

How to prepare

Recommended actions:

  • Run all GQL queries that are in use against the updated QA servers,
  • Note down all (new) permissions used, then add them to your tokens.

Roadmap

  • 21.03.2022 – release of the new + deprecated permissions on QA servers
  • 04.04.2022 – release on production servers
  • 16.05.2022 – removal of deprecated permissions on QA servers
  • 30.05.2022 – release on production servers

Additional notes

Please note that some types have new sub-permissions, and using the top-level type permission on them is marked as deprecated. This only means that the usage of the permission is deprecated for that specific field; the permission itself may still be active, and this is clearly stated in the new deprecatedPermissionsUsed section. For example, the query

{
  invoices(limit: 1) {
    billingAddress {city}
  }
}

...will report that Invoice:read is deprecated, but only for Invoice.billingAddress. Invoice:read is still an active permission.

    "permissionsUsed": [
      "Invoice:read",
      "Invoice.billingAddress:read"
    ],
    "deprecatedPermissionsUsed": [
      "Field: Invoice.billingAddress, deprecated: Invoice:read, current: Invoice.billingAddress:read"
    ],
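
The least-privilege workflow recommended under Permissions and the deprecatedPermissionsUsed format shown above can be checked together. The following is an added example, not Centra's own code: it collects the extensions sections of recorded QA responses and compares them with the permissions granted to a token. The function names, the sample responses (constructed from the two bodies on this page) and the granted list are assumptions.

```python
import json
import re

# One deprecatedPermissionsUsed entry, in the format shown on this page.
DEPRECATED_ENTRY = re.compile(
    r"^Field: (?P<field>[^,]+), deprecated: (?P<deprecated>[^,]+), "
    r"current: (?P<current>.+)$"
)

# Constructed sample bodies, modelled on the two responses shown on this page.
SAMPLE_RESPONSES = [
    json.dumps({
        "errors": [{
            "message": "You need Order:read permission to access orderConnection.",
            "extensions": {"category": "authorization"},
            "path": ["orderConnection"],
        }],
        "extensions": {"complexity": 50, "permissionsUsed": ["Order:read"]},
    }),
    json.dumps({
        "data": {"invoices": [{"billingAddress": {"city": "Stockholm"}}]},
        "extensions": {
            "permissionsUsed": ["Invoice:read", "Invoice.billingAddress:read"],
            "deprecatedPermissionsUsed": [
                "Field: Invoice.billingAddress, deprecated: Invoice:read, "
                "current: Invoice.billingAddress:read"
            ],
        },
    }),
]


def parse_deprecated(entry):
    """Split one deprecatedPermissionsUsed string into field/deprecated/current."""
    match = DEPRECATED_ENTRY.match(entry.strip())
    if match is None:
        raise ValueError(f"unrecognised deprecation entry: {entry!r}")
    return {key: value.strip() for key, value in match.groupdict().items()}


def audit_token(responses, granted):
    """Compare what the recorded responses needed with what the token holds.

    `granted` is the permission list you selected for the token in AMS; it is
    supplied by the caller (assumption: the API response does not list it).
    """
    required, denied_paths, migrations = set(), [], []
    for raw in responses:
        body = json.loads(raw)
        extensions = body.get("extensions") or {}
        required.update(extensions.get("permissionsUsed", []))
        for entry in extensions.get("deprecatedPermissionsUsed", []):
            migrations.append(parse_deprecated(entry))
        for error in body.get("errors") or []:
            if (error.get("extensions") or {}).get("category") == "authorization":
                denied_paths.append(".".join(str(p) for p in error.get("path", [])))
    granted = set(granted)
    return {
        # Union of permissionsUsed: the minimal set for the recorded use cases.
        "required": sorted(required),
        # Needed by the queries but not on the token.
        "missing": sorted(required - granted),
        # On the token but never exercised: candidates for removal.
        "excess": sorted(granted - required),
        # Fields that were refused with category "authorization".
        "denied_paths": denied_paths,
        # A deprecated permission is deprecated for that field only and may
        # still be needed elsewhere, so it is reported, not dropped.
        "migrations": migrations,
        # Replacement permissions to grant before the old ones stop working.
        "add_before_removal": sorted({m["current"] for m in migrations} - granted),
    }


if __name__ == "__main__":
    report = audit_token(SAMPLE_RESPONSES, ["Invoice:read", "Product:write"])
    print(json.dumps(report, indent=2))
```
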

Full list of permissions

  • Account:read
  • Account.AddressBook:read – Address book is part of Account, use Account:read
  • Account.AllocationRule:read – Use AllocationRule:read
  • Account.Attribute:read – Use Account.attributes:read
  • Account.attributes:read – New permission, use instead of Account.Attribute:read
  • Account.Brand:read – Use Brand:read
  • Account.DeliveryWindowDiscount:read – DeliveryWindowDiscount is a part of Account model, use Account:read
  • Account.EmailHistory:read – Use EmailHistory:read
  • Account.InternalComment:read – Use Account.internalComment:read
  • Account.internalComment:read – New permission, use instead of Account.InternalComment:read
  • Account.Invoice:read – Use Invoice:read
  • Account.Market:read – Use Market:read
  • Account.Order:read – Use Order:read
  • Account.PaymentTerms:read – Use PaymentTerms:read
  • Account.Pricelist:read – Use Pricelist:read
  • Account.Purchaser:read – Use Purchaser:read
  • Account.Return:read – Use Return:read
  • Account.SalesRepresentative:read – Use SalesRepresentative:read
  • Account.ShippingTerms:read – Use ShippingTerms:read
  • Account.TaxClass:read – Use TaxClass:read
  • Account.Warehouse:read – Use Warehouse:read
  • Account:write
  • AddressBook:read – AddressBook is a part of Account, use Account:read
  • AdminDiscount.AdminUser:read – Use AdminUser:read
  • AdminUser:read
  • AdminUser.Account:read – Use Account:read
  • AdminUser.Brand:read – Use Brand:read
  • AdminUser.Email:read – Use AdminUser.email:read
  • AdminUser.email:read – New permission, use instead of AdminUser.Email:read
  • AdminUser.Market:read – Use Market:read
  • AdminUser.Pricelist:read – Use Pricelist:read
  • AdminUser.SalesRepresentative:read – Use SalesRepresentative:read
  • Affiliate:read
  • Affiliate.Order:read – Use Order:read
  • Affiliate.Store:read – Use Store:read
  • Allocation:read
  • AllocationRule:read
  • AllocationRule.Account:read – Use Account:read
  • AllocationRule.DeliveryWindow:read – Use DeliveryWindow:read
  • AllocationRule.GeographyAllocationPriority:read – GeographyAllocationPriority is a part of AllocationRule model, use AllocationRule:read
  • AllocationRule.Market:read – Use Market:read
  • AllocationRule.Store:read – Use Store:read
  • AllocationRule.Warehouse:read – Use Warehouse:read
  • AppliedDiscount.Discount:read – Use Discount:read
  • AppliedDiscount.Order:read – Use Order:read
  • Attribute:read
  • Attribute:write
  • Brand:read
  • Brand.Product:read – Use Product:read
  • Brand.Store:read – Use Store:read
  • Brand:write
  • BrickAndMortar:read
  • BrickAndMortar.AllocationRule:read – Use AllocationRule:read
  • BrickAndMortar.Store:read – Use Store:read
  • BrickAndMortar.Warehouse:read – Use Warehouse:read
  • Bundle:read
  • Bundle.SizeChart:read – Use SizeChart:read
  • Bundle:write
  • Campaign:read
  • Campaign.CampaignVariant:read – Use CampaignVariant:read
  • Campaign.DeliveryWindow:read – Use DeliveryWindow:read
  • Campaign.Market:read – Use Market:read
  • Campaign.Pricelist:read – Use Pricelist:read
  • Campaign.Store:read – Use Store:read
  • Campaign:write
  • CampaignVariant.Campaign:read – Use Campaign:read
  • CampaignVariant:read – CampaignVariant is a part of Campaign, use Campaign:read
  • Category:read
  • Category.Display:read – Use Display:read
  • Category.Store:read – Use Store:read
  • Collection:read
  • Collection.totalProducts:read – New permission
  • Collection.Product:read – Use Product:read
  • Collection:write
  • Commission:read
  • Commission.Invoice:read – Use Invoice:read
  • Commission.Order:read – Use Order:read
  • Commission.SalesRepresentative:read – Use SalesRepresentative:read
  • Country:read
  • Currency.Pricelist:read – Use Pricelist:read
  • Currency.ShippingOption:read – Use ShippingOption:read
  • Currency:read
  • Customer.Attribute:read – Use Purchaser.Attribute:read
  • Customer.EmailHistory:read – Use EmailHistory:read
  • DeliveryWindow:read
  • DeliveryWindow.AllocationRule:read – Use AllocationRule:read
  • DeliveryWindow.Campaign:read – Use Campaign:read
  • DeliveryWindow.DeliveryWindowVariant:read – Use DeliveryWindowVariant:read
  • DeliveryWindow.Market:read – Use Market:read
  • DeliveryWindow:write
  • DeliveryWindowDiscount:read – DeliveryWindowDiscount is a part of Account model, use Account:read
  • DeliveryWindowDiscount.Account:read – Use Account:read
  • DeliveryWindowDiscount.DeliveryWindow:read – Use DeliveryWindow:read
  • DeliveryWindowVariant:read – DeliveryWindowVariant is a part of DeliveryWindow model, use DeliveryWindow:read
  • DeliveryWindowVariant.DeliveryWindow:read – Use DeliveryWindow:read
  • DeliveryWindowVariant.Product:read – Use Product:read
  • DeliveryWindowVariant.ProductVariant:read – Use ProductVariant:read
  • DeliveryWindowVariant:write – DeliveryWindowVariant is a part of DeliveryWindow model, use DeliveryWindow:write
  • Discount:read
  • Discount.AdminUser:read – Use AdminUser:read
  • Discount.AppliedDiscount:read – AppliedDiscount is a part of Order model, use Order:read
  • Discount.GiftCertificateGenerator:read – Use GiftCertificateGenerator:read
  • Discount.Market:read – Use Market:read
  • Discount.Store:read – Use Store:read
  • Display:read
  • Display.Attribute:read – Unused
  • Display.CampaignVariant:read – Use CampaignVariant:read
  • Display.Category:read – Use Category:read
  • Display.Comment:read – Use Display.comment:read
  • Display.comment:read – New permission, use instead of Display.Comment:read
  • Display.DisplayRelation:read – DisplayRelation is a part of Display model, use Display:read
  • Display.Market:read – Use Market:read
  • Display.Price:read – Use Price:read
  • Display.Product:read – Use Product:read
  • Display.ProductMedia:read – Use ProductMedia:read
  • Display.ProductVariant:read – Use ProductVariant:read
  • Display.Store:read – Use Store:read
  • Display.TaxGroup:read – Use TaxGroup:read
  • Display:write
  • DisplayRelation:write – DisplayRelation is a part of Display model, use Display:write
  • DocumentTemplate:read
  • EmailHistory:read
  • EmailHistory.AdminUser:read – Use AdminUser:read
  • EmailHistory.Order:read – Use Order:read
  • EmailHistory.Purchaser:read – Use Purchaser:read
  • Folder:read
  • Folder.Product:read – Use Product:read
  • Folder:write
  • GeographyAllocationPriority:read – GeographyAllocationPriority is a part of AllocationRule model, use AllocationRule:read
  • GiftCertificateGenerator:read
  • GiftCertificateGenerator.Discount:read – Use Discount:read
  • GiftCertificateGenerator.Store:read – Use Store:read
  • Invoice:read
  • Invoice.billingAddress:read – New permission
  • Invoice.shippingAddress:read – New permission
  • Invoice.Account:read – Use Account:read
  • Invoice.AdminUser:read – Use AdminUser:read
  • Invoice.Commission:read – Use Commission:read
  • Invoice.PaymentTerms:read – Use PaymentTerms:read
  • Invoice.Purchaser:read – Use Purchaser:read
  • Invoice.ShippingTerms:read – Use ShippingTerms:read
  • Invoice.Store:read – Use Store:read
  • InvoiceLine.countryOfOrigin:read – New permission
  • InvoiceLine.OrderLine:read – Use Order:read
  • InvoiceLine.Product:read – Use Product:read
  • InvoiceLine.ProductVariant:read – Use ProductVariant:read
  • InvoiceLine.ShipmentLine:read – Use ShipmentLine:read
  • Language:read
  • Language.Country:read – Use Country:read
  • Localization:read
  • Localization:write
  • Market:read
  • Market.AllocationRule:read – Use AllocationRule:read
  • Market.Campaign:read – Use Campaign:read
  • Market.Comment:read – Use Market.comment:read
  • Market.comment:read – New permission, use instead of Market.Comment:read
  • Market.Country:read – Use Country:read
  • Market.Store:read – Use Store:read
  • MeasurementChart:read
  • MeasurementChart:write
  • MediaBatch:read
  • MediaBatch:write
  • NewsletterSubscription:read
  • NewsletterSubscription.Country:read – Use Country:read
  • NewsletterSubscription.ProductSize:read – Use ProductSize:read
  • NewsletterSubscription.ProductVariant:read – Use ProductVariant:read
  • NewsletterSubscription.Store:read – Use Store:read
  • Order:read
  • Order.Account:read – Use Account:read
  • Order.Affiliate:read – Use Affiliate:read
  • Order.Attribute:read – Use Order.attributes:read
  • Order.attributes:read – New permission
  • Order.billingAddress:read – New permission
  • Order.Commission:read – Use Commission:read
  • Order.DeliveryWindow:read – Use DeliveryWindow:read
  • Order.Discount:read – Use Discount:read
  • Order.EmailHistory:read – Use EmailHistory:read
  • Order.InternalComment:read – Use Order.internalComment:read
  • Order.internalComment:read – New permission, use instead of Order.InternalComment:read
  • Order.Market:read – Use Market:read
  • Order.OrderDocument:read – Use Order:read
  • Order.OrderHistory:read – Use OrderHistory:read
  • Order.PaymentHistory:read – Use PaymentHistory:read
  • Order.PaymentMethod:read – Use PaymentMethod:read
  • Order.PaymentTerms:read – Use PaymentTerms:read
  • Order.Pricelist:read – Use Pricelist:read
  • Order.Purchaser:read – Use Purchaser:read
  • Order.Return:read – Use Return:read
  • Order.SalesRepresentative:read – Use SalesRepresentative:read
  • Order.Shipment:read – Use Shipment:read
  • Order.shippingAddress:read – New permission
  • Order.ShippingPriceGroup:read – Use ShippingPriceGroup:read
  • Order.ShippingTerms:read – Use ShippingTerms:read
  • Order.Store:read – Use Store:read
  • Order.userIP:read – New permission
  • OrderHistory:read
  • OrderHistory.AdminUser:read – Use AdminUser:read
  • OrderHistory.Purchaser:read – Use Purchaser:read
  • OrderLine.Brand:read – Use Brand:read
  • OrderLine.Campaign:read – Use Campaign:read
  • OrderLine.Category:read – Use Category:read
  • OrderLine.Collection:read – Use Collection:read
  • OrderLine.DeliveryWindow:read – Use DeliveryWindow:read
  • OrderLine.Discount:read – Unused
  • OrderLine.Display:read – Use Display:read
  • OrderLine.Folder:read – Use Folder:read
  • OrderLine.GiftCertificateGenerator:read – Use GiftCertificateGenerator:read
  • OrderLine.InvoiceLine:read – Use InvoiceLine:read
  • OrderLine.Product:read – Use Product:read
  • OrderLine.ProductVariant:read – Use ProductVariant:read
  • OrderLine.TaxGroup:read – TaxGroup is a group of TaxRules, use TaxRule:read
  • PaymentHistory:read
  • PaymentHistoryEntry.AdminUser:read – Use AdminUser:read
  • PaymentHistoryEntry.StorePlugin:read – Use StorePlugin:read
  • PaymentTerms:read
  • Price:read
  • Price:write
  • Pricelist:read
  • Pricelist.Campaign:read – Use Campaign:read
  • Pricelist.Comment:read – Use Pricelist.comment:read
  • Pricelist.comment:read – New permission, use instead of Pricelist.Comment:read
  • Pricelist.Country:read – Use Country:read
  • Pricelist.Price:read – Use Price:read
  • Pricelist.ShippingOption:read – Use ShippingOption:read
  • Pricelist.Store:read – Use Store:read
  • Product:read
  • Product.Attribute:read – Use Product.attributes:read
  • Product.attributes:read – New permission, use instead of Product.Attribute:read
  • Product.Attribute:write – Use Product.attributes:write
  • Product.attributes:write – New permission, use instead of Product.Attribute:write
  • Product.Brand:read – Use Brand:read
  • Product.Bundle:read – Use Bundle:read
  • Product.Collection:read – Use Collection:read
  • Product.CountryOfOrigin:read – Use Product.countryOfOrigin:read
  • Product.countryOfOrigin:read – New permission, use instead of Product.CountryOfOrigin:read
  • Product.Display:read – Use Display:read
  • Product.Folder:read – Use Folder:read
  • Product.InternalComment:read – Use Product.internalComment:read
  • Product.internalComment:read – New permission, use instead of Product.InternalComment:read
  • Product.MeasurementTable:read – Use MeasurementChart:read
  • Product.ProductMedia:read – Use ProductMedia:read
  • Product.ProductVariant:read – Use ProductVariant:read
  • Product:write
  • ProductMedia:read
  • ProductMedia.Product:read – Use Product:read
  • ProductMedia:delete – Use ProductMedia:write
  • ProductMedia:write
  • ProductSize:read
  • ProductSize.ProductVariant:read – Use ProductVariant:read
  • ProductSize.PurchaseOrder:read – Use PurchaseOrder:read
  • ProductSize.PurchaseOrderDelivery:read – Use PurchaseOrderDelivery:read
  • ProductSize.Stock:read – Use ProductSize.stock:read and/or ProductSize.stockTotals:read
  • ProductSize.stock:read – New permission, use instead of ProductSize.Stock:read
  • ProductSize.stockTotals:read – New permission, use instead of ProductSize.Stock:read
  • ProductSize.WarehouseDeliveryLine:read – Use WarehouseDelivery:read
  • ProductVariant:read
  • ProductVariant.Attribute:read – Use ProductVariant.attributes:read
  • ProductVariant.attributes:read – New permission, use instead of ProductVariant.Attribute:read
  • ProductVariant.Attribute:write – Use ProductVariant.attributes:write
  • ProductVariant.attributes:write – New permission, use instead of ProductVariant.Attribute:write
  • ProductVariant.CampaignVariant:read – CampaignVariant is a part of Campaign, use Campaign:read
  • ProductVariant.Display:read – Use Display:read
  • ProductVariant.InternalName:read – Use ProductVariant.internalName:read
  • ProductVariant.internalName:read – New permission, use instead of ProductVariant.InternalName:read
  • ProductVariant.Product:read – Use Product:read
  • ProductVariant.ProductMedia:read – Use ProductMedia:read
  • ProductVariant.ProductVariantSupply:read – Use ProductVariantSupply:read
  • ProductVariant.PurchaseOrder:read – Use PurchaseOrder:read
  • ProductVariant.PurchaseOrderDelivery:read – Use PurchaseOrderDelivery:read
  • ProductVariant.SizeChart:read – Use SizeChart:read
  • ProductVariant.Stock:read – Use ProductVariant.stock:read and/or ProductVariant.stockTotals:read
  • ProductVariant.stock:read – New permission, use instead of ProductVariant.Stock:read
  • ProductVariant.stockTotals:read – New permission, use instead of ProductVariant.Stock:read
  • ProductVariant:write
  • ProductVariantSupply:read
  • ProductVariantSupply.PurchaseOrder:read – Use PurchaseOrder:read
  • ProductVariantSupply.PurchaseOrderDelivery:read – Use PurchaseOrderDelivery:read
  • PurchaseOrder:read
  • PurchaseOrder.Address:read – Use PurchaseOrder.shippingAddress:read and/or PurchaseOrder.supplierAddress:read
  • PurchaseOrder.InternalComment:read – Use PurchaseOrder.internalComment:read
  • PurchaseOrder.internalComment:read – New permission, use instead of PurchaseOrder.InternalComment:read
  • PurchaseOrder.PaymentTerms:read – Use PaymentTerms:read
  • PurchaseOrder.PurchaseOrderDelivery:read – Use PurchaseOrderDelivery:read
  • PurchaseOrder.shippingAddress:read – New permission, use instead of PurchaseOrder.Address:read
  • PurchaseOrder.ShippingTerms:read – Use ShippingTerms:read
  • PurchaseOrder.Supplier:read – Use Supplier:read
  • PurchaseOrder.supplierAddress:read – New permission, use instead of PurchaseOrder.Address:read
  • PurchaseOrder.Warehouse:read – Use Warehouse:read
  • PurchaseOrderDelivery:read
  • PurchaseOrderDelivery.AdminUser:read – Use AdminUser:read
  • PurchaseOrderDelivery.PurchaseOrder:read – Use PurchaseOrder:read
  • PurchaseOrderDelivery.Supplier:read – Use Supplier:read
  • PurchaseOrderDelivery.Warehouse:read – Use Warehouse:read
  • PurchaseOrderDelivery.WarehouseDelivery:read – Use WarehouseDelivery:read
  • PurchaseOrderDeliveryLine.OrderLine:read – Use Order:read
  • PurchaseOrderDeliveryLine.Product:read – Use Product:read
  • PurchaseOrderDeliveryLine.ProductSize:read – Use ProductSize:read
  • PurchaseOrderDeliveryLine.ProductVariant:read – Use ProductVariant:read
  • PurchaseOrderLine.OrderLine:read – Use Order:read
  • PurchaseOrderLine.Product:read – Use Product:read
  • PurchaseOrderLine.ProductSize:read – Use ProductSize:read
  • PurchaseOrderLine.ProductVariant:read – Use ProductVariant:read
  • Purchaser:read
  • Purchaser.Account:read – Use Account:read
  • Purchaser.attributes:read – New permission, use instead of Customer.Attribute:read
  • Purchaser.billingAddress:read – New permission
  • Purchaser.EmailHistory:read – Use EmailHistory:read
  • Purchaser.Market:read – Use Market:read
  • Purchaser.NewsletterSubscription:read – Use NewsletterSubscription:read
  • Purchaser.Order:read – Use Order:read
  • Purchaser.Pricelist:read – Use Pricelist:read
  • Purchaser.Return:read – Use Return:read
  • Purchaser.Store:read – Use Store:read
  • Purchaser.TaxClass:read – Use TaxClass:read
  • Purchaser.TotalOrder:read – Use Purchaser.totalOrders:read
  • Purchaser.totalOrders:read – New permission, use instead of Purchaser.TotalOrder:read
  • Return:read
  • Return.Account:read – Use Account:read
  • Return.AdminUser:read – Use AdminUser:read
  • Return.Comment:read – Use Return.comment:read
  • Return.comment:read – New permission, use instead of Return.Comment:read
  • Return.Order:read – Use Order:read
  • Return.OrderDiscount:read – Use Order:read
  • Return.Purchaser:read – Use Purchaser:read
  • Return.Shipment:read – Use Shipment:read
  • Return.Store:read – Use Store:read
  • Return.Warehouse:read – Use Warehouse:read
  • ReturnLine.OrderLine:read – Use Order:read
  • ReturnLine.ShipmentLine:read – Use Shipment:read
  • SalesRepresentative:read
  • SalesRepresentative.Account:read – Use Account:read
  • SalesRepresentative.Commission:read – Use Commission:read
  • Shipment:read
  • Shipment.AdminUser:read – Use AdminUser:read
  • Shipment.Invoice:read – Use Invoice:read
  • Shipment.Order:read – Use Order:read
  • Shipment.OrderDiscount:read – Use Order:read
  • Shipment.Return:read – Use Return:read
  • Shipment.ShipmentPlugin:read – Use StorePlugin:read
  • Shipment.shippingAddress:read – New permission
  • Shipment.Store:read – Use Store:read
  • ShipmentLine.InvoiceLine:read – Use Invoice:read
  • ShipmentLine.OrderLine:read – Use Order:read
  • ShippingOption:read
  • ShippingOption.Comment:read – Use ShippingOption.comment:read
  • ShippingOption.comment:read – New permission, use instead of ShippingOption.Comment:read
  • ShippingOption.Market:read – Use Market:read
  • ShippingOption.ShippingPriceGroup:read – ShippingPriceGroup is a part of ShippingOption, use ShippingOption:read
  • ShippingOption.Store:read – Use Store:read
  • ShippingPriceGroup:read – ShippingPriceGroup is a part of ShippingOption, use ShippingOption:read
  • ShippingTerms:read
  • Size:read
  • Size.ProductSize:read – Use ProductSize:read
  • Size.SizeChart:read – Use SizeChart:read
  • SizeChart:read
  • SizeChart:write
  • StockChange:write
  • Store:read
  • Store.Affiliate:read – Use Affiliate:read
  • Store.AllocationRule:read – Use AllocationRule:read
  • Store.Brand:read – Use Brand:read
  • Store.Campaign:read – Use Campaign:read
  • Store.Category:read – Use Category:read
  • Store.Market:read – Use Market:read
  • Store.Order:read – Use Order:read
  • Store.Pricelist:read – Use Pricelist:read
  • Store.ShippingOption:read – Use ShippingOption:read
  • Store.StorePlugin:read – Use StorePlugin:read
  • Store.TaxGroup:read – TaxGroup is a group of TaxRules, use TaxRule:read
  • Store.TotalOrder:read – Deleted, Store.totalOrders is deprecated
  • Store.TotalPurchaser:read – Deleted, Store.totaPurchasers is deprecated
  • StorePlugin:read
  • StorePlugin.Store:read – Use Store:read
  • Subscription:read
  • Subscription.internalComment:read – New permission
  • SubscriptionPlan:read
  • SubscriptionPlan.internalComment:read – New permission
  • SubscriptionPlan:write
  • Supplier:read
  • Supplier.Address:read – Use Supplier.address:read
  • Supplier.address:read – New permission, use instead of Supplier.Address:read
  • Supplier.Comment:read – Use Supplier.comment:read
  • Supplier.comment:read – New permission, use instead of Supplier.Comment:read
  • Supplier.PaymentTerms:read – Use PaymentTerms:read
  • Supplier.ProductVariantSupply:read – Use ProductVariantSupply:read
  • Supplier.PurchaseOrder:read – Use PurchaseOrder:read
  • Supplier.PurchaseOrderDelivery:read – Use PurchaseOrderDelivery:read
  • Supplier.ShippingTerms:read – Use ShippingTerms:read
  • Supplier.Warehouse:read – Use Warehouse:read
  • TaxClass:read
  • TaxGroup:read – TaxGroup is a group of TaxRules, use TaxRule:read
  • TaxGroup.Store:read – Use Store:read
  • TaxGroup.TaxRule:read – Use TaxRule:read
  • TaxRule:read
  • Warehouse:read
  • Warehouse.AllocationRule:read – Use AllocationRule:read
  • Warehouse.Stock:read – Use Warehouse.stock:read and/or Warehouse.stockTotals:read
  • Warehouse.stock:read – New permission, use instead of Warehouse.Stock:read
  • Warehouse.stockTotals:read – New permission, use instead of Warehouse.Stock:read
  • Warehouse.WarehouseDelivery:read – Use WarehouseDelivery:read
  • WarehouseDelivery:read
  • WarehouseDelivery.AdminUser:read – Use AdminUser:read
  • WarehouseDeliveryLine.ShipmentLine:read – Use Shipment:read
  • WarehouseDeliveryLine.Warehouse:read – Use Warehouse:read
  • WarehouseDeliveryLine.WarehouseDelivery:read – Use WarehouseDelivery:read