How does the access control work in Voucherify?

Useful links: 

Voucherify organizes work on promo campaigns with Users and Projects. These components give you the ability to launch enterprise-grade promotions, which require many parties to be involved. Let's see how access control in Voucherify works in practice:

  • Users – you can invite team members to collaborate on campaigns on the Dashboard. After account confirmation, new users can be granted access to projects. Each user's activity is tracked and can be seen in the audit logs.
  • Projects – projects group campaigns in collections. The primary goal of projects is to help you control user access to campaigns. You can define which users have access to separate projects. For example, Jane can operate only on new acquisition campaigns but cannot access employee discount.
  • API keys – each project can have multiple API keys. This gives you the ability to control how your internal applications and 3rd party vendors access your data.

In this section:

  1. Users' structure and data access - how it works
  2. Merchants with no access to the dashboard
  3. Roles of users with access to the dashboard
    1. Assign a user to a built-in role
    2. Create a custom role and assign user
  4. List of actions permitted within Voucherify roles - dictionary

In case you might want to share and redeem your coupons by collaboration with affiliates, we supplied Voucherify with features that enable you to limit users' access to the dashboard and perform particular endpoints only.

How does it work? 🤔

Data Access Voucherify

Note 💡

Users' structure is managed per project. However, the custom roles are defined for the whole organization. 

Merchants with API keys 🔑

Merchants with API keys are allowed to perform validation and redemption only, excluding other endpoints (they don't have access to the Dashboard). You can make as many redemption points as you want to and keep the only rights to create and manage your coupons.

Coupons are generated and managed by your Voucherify account.

  1. When vouchers are ready, you can deliver them to your affiliates (Merchants) where they are published.
  2. Customers can now come to these stores (Merchants) to redeem their codes.
  3. The Merchant sends a redemption request to Voucherify. If the coupon is valid, Voucherify sends a positive response, and the redemption is successful (all redemption details are noted in your Voucherify account).

Go here to learn more about the coupon redemption process.


Configuration 🔧

The Merchant role is available with unique API keys, which you can create in the Voucherify Dashboard. To begin with, open the Project Settings and go to the API-keys section.

Project Keys

Choose Plus to generate unique API keys and assign them to a particular merchant (you can add as many merchants as you want to). When you define a name for a merchant, choose Create access API key option.

Creating API for Merchant

Share the API key with your affiliate and send the coupons (see export options) to publish. With these credentials, the Merchant can validate/redeem delivered codes.

Roles of users with access to the dashboard 👋

Within Team settings, you can also assign particular roles to your team members and affiliates. Roles control what kind of access to your data a specific user is granted. The roles can be added only by the ADMIN user, who doesn't have any limits on an account.

The process is divided into two main steps:

  1. Firstly, define a role – grant access to particular data and endpoints.
  2. Secondly, invite a new team member and assign them to the role.

While inviting a new team member to the project, an administrator can assign one of the built-in roles:

  • USER – can read and modify data from an assigned project, but cannot add new team members or create new projects.
  • VIEWER – can read all data from an assigned project, but cannot modify any data.
  • MERCHANT – can redeem/validate vouchers and view redemptions invoked with his/her account. They won't be able to read any other data in the project.

or a CUSTOM ROLE – ADMIN can create new roles and set access rights allowed for each of them.

To manage Users' Structure, go to the Team settings --> ROLES. 

In the roles directory, you can:

  • view actions performed within predefined roles (click on a role name to view details),
  • add new roles (see the section below),
  • edit your custom roles (the pencil tool).

Assign a user to a built-in role

If you'd like to use one of the default roles (User, Merchant, or Viewer), you can go straight to step two and invite a new team member.

Inviting new members


Create a custom role and assign user

If you'd like to add a new role, follow these steps:

1. Duplicate one of the predefined roles, and the app will direct you to the edit tool.

Create a new role

2. Name your role and select limitations of your given user role. 

Roles

Available actions and data access 🔓

Below we've listed all actions which can be permitted within Voucherify roles:

General


Campaigns

  • Read Campaigns.
  • Create and modify Campaigns.
  • Delete Campaigns.
  • Enable Campaigns.
  • Disable Campaigns.

Campaigns Limitations

  • Campaigns' updates must be approved by the Managing User.
  • Created Campaigns must be approved by the Managing User.

Voucher

  • Read Vouchers.
  • Read Voucher by code.
  • Create and modify Vouchers.
  • Enable Vouchers.
  • Disable Vouchers.
  • Redeem Voucher.
  • Rollback Redemptions (Rollback means turning back redemption once it's made).
  • Publish Voucher.
  • Import Voucher.
  • Delete Voucher.
  • Add balance to Gift Vouchers.

Voucher Limitations

  • Adding vouchers to existing Campaigns must be approved by the Managing User.
  • Vouchers' updates must be approved by the Managing User.
  • Created standalone Vouchers must be approved by the Managing User.

Distributions

Redemptions


  • Read Redemptions.
  • Read Redemptions history of identified Voucher.
  • Limit listing of Redemptions to those done by User (if you mark this box, users will see only redemptions invoked by their account).
  • Rollback Redemptions. 

Orders

  • Read Orders.
  • Create and modify Orders.

Events

  • Read events and technical logs (Logs enable users to investigate every API call related to the selected voucher).

Project Settings

  • Access Project Settings.
  • Access and configure integrations.
  • Access to Project Users list (required in, i.e. cases like Validation Rules or Redemptions list filtering). 
  • Modify base Project Details (like Locale, Currency, etc.).
  • Read API keys and other Settings.
  • Modify API keys and other Settings including upgrading API version.
  • Read defined Webhooks.
  • Create and modify Webhooks.
  • Read Metadata Schema (Schema validator takes care of the integrity of your metadata, read more here.)
  • Add and modify Metadata Schema.
  • Read Custom Event Schema.
  • Add and modify Custom Event Schema.
  • Delete Custom Event Schema.
  • Read Custom Domains essential data.
  • Add and modify Custom Domains, including uploading SSL certificates.
  • Link Custom Domains with desired resources (landing pages, cockpits).
  • Delete Custom Domain and drop the link.

Products

  • Read Products.
  • Create and modify Products.

Customers

  • Read Customers.
  • Read a single Customer by ID or Source ID.
  • Create and modify Customers and Segments.

Validation Rules

  • Read Validation Rules.
  • Create and modify Validation Rules.
  • Delete Validation Rules.
  • Validation Rules' changes must be approved by the Managing User.

Landing Pages

  • Read Landing Pages.
  • Create and modify Landing Pages.
  • Delete Landing Pages.

Modules

Still need help? Contact Us Contact Us