High-Risk Permissions in BigCommerce

Hey there, in this video, we're going to go over a new feature of Bigcommerce called high-risk user accounts, access and permissions.

And before we get started, my name is Kal. I'm a developer and a store owner, just like you, and I run an online community for other apps and store owners like us. There'll be special app access a link at the end; let me show you. Let me share my screen, not your screen. Let me share my screen, and I'll show you what I'm talking about.

Okay, so this is found under Account Settings. And when you go to create a new user or edit an existing user account, you can still assign most of normal permissions to your user account permissions just by selecting store administrator password or whatever, just like you always could. But now there's a new section down here called higher-risk permissions.

Enable User Permissions

And this is super handy. Before this feature came out, the only way that you would get an API created was if the owner of a user account on a big commerce store said I wanted to create an API key. And you know, so much of the time, store owners don't understand what the user role and API keys are for, what to do with them, or what specific permissions to set on them.

So it was kind of a little bit awkward to get API keys when you needed them. With this new set of high-risk permissions, you can give the user that you're creating the ability to create a new API key, grant permissions to view existing API keys, delete API, request access to keys, or all three.

Now, there are two different API keys. Now, there's CLI stencil CLI keys, which developers existing users alike may use to develop your app requests the store that let us see and edit front-end things.

Using stencil local, it's really nice, blah, blah, blah, buzzwords, but it's great for developers. It also allows you to create a v2 v3 api key for your app developer. That's the type of API key that you would use to connect installed apps to your store through apps, so that the app can talk to your store and maybe create products or, you know, admin users or do something with your orders.

User Permissions

Whatever it is, this set of the user interface and account permissions lets your developer create the API key that they need for the purpose core functionality that they're looking to use it for. Right?

So this is kind of handy because it means that your developer doesn't have to bug you anymore, that it is high-risk permission, and that they can do some things in your store by communicating in and out of control of your data. But it does make it a lot easier for them to be able to create it on their own account on your behalf.

The delete would be a little bit of an optional permission, I would say. But if you want them to be able to clean up the existing API keys when they're no longer used, that would give them permission to do that by default.

So it's high-risk. But if you trust your developer, then you're probably okay giving them these. If you don't trust your developer,

Can you get a new developer? Alright, so this is one of the ways that they can get API keys.

This is an example of what high-risk user permissions are in big commerce.

I hope that clears it up. It's a really nice feature. It's a really small feature. But it's really handy to let your tech people handle and manage your API keys above permissions, which is totally their domain.

So I appreciate you guys being with me. I hope this helped you guys out. If you're interested in our courses or community, check out e-commerce amplifiers.

If you're interested in working with me or my team, hit us up at epicdesignlabs.com. Be sure to leave me a comment if this helped you guys out or if you're stuck or anything else. Let me know what you're stuck on. It might be my next video.

Alright, thank you so much.