High Risk Permissions in BigCommerce
Oct 1, 2023

High-Risk Permissions in BigCommerce

BigCommerce has continuously provided merchants with tools to bolster sales staff their e-commerce stores. One of the latest features to garner attention is the introduction of high-risk permissions. But what does this mean for you as a store owner, and more importantly, how can you utilize this feature to streamline your developer and sales staff's tasks?

Kal, the CEO of Epic Design Labs and a proficient bigcommerce developer, delves deep into this feature in his latest video.

The Heart of High-Risk Permissions

In a digital ecosystem where access permissions for individual users can determine the fate of sales manager a store's data integrity, BigCommerce's high-risk permissions come as a breath of fresh air for both developers and store owners. Kal illuminates the key aspects of this feature:

  • Location: Found under Account Settings when creating or editing a user account.

  • Purpose: To grant developers the authority to create, view, or delete API keys.

  • Types of API Keys: Two distinct API keys are highlighted; the CLI stencil keys (beneficial for developers for front-end tasks) and the v2 v3 API key (essential for apps to interact with your store).

Why Trusting Your BigCommerce Development Agency is Crucial

Granting high-risk app permissions, is no light matter. By giving this access, you're allowing your developer to communicate in and out of your system admin your store's data, making it easier for them to complete tasks without the constant need to bug you for user account permissions. Yet, as the term suggests, these user permissions come with risks. Kal, with his experience as both a developer and store owner, emphasizes the importance of placing trust in your Bigcommerce development agency. If there's a hint of doubt? Maybe it's time to reconsider who's handling your store's development.

If you're in the e-commerce realm, understanding the details and nuances of any new user account permissions, especially ones as critical as high-risk user account permissions in BigCommerce, is essential. Kal's video is a deep dive into the feature's practicalities and potential impacts on your store.

We've provided a snapshot, but the real essence and depth of knowledge are in the video itself. So, why wait?

Watch the full video above and get a comprehensive insight into high-risk permissions in BigCommerce.

Video Transcript:
(High-Risk Permissions in BigCommerce)

Hey there, in this video, we're going to go over a new feature of Bigcommerce called high-risk user accounts, access and permissions.

And before we get started, my name is Kal. I'm a developer and a store owner, just like you, and I run an online community for other apps and store owners like us. There'll be special app access a link at the end; let me show you. Let me share my screen, not your screen. Let me share my screen, and I'll show you what I'm talking about.

Okay, so this is found under Account Settings. And when you go to create a new user or edit an existing user account, you can still assign most of normal permissions to your user account permissions just by selecting store administrator password or whatever, just like you always could. But now there's a new section down here called higher-risk permissions.

Enable User Permissions

And this is super handy. Before this feature came out, the only way that you would get an API created was if the owner of a user account on a big commerce store said I wanted to create an API key. And you know, so much of the time, store owners don't understand what the user role and API keys are for, what to do with them, or what specific permissions to set on them.

So it was kind of a little bit awkward to get API keys when you needed them. With this new set of high-risk permissions, you can give the user that you're creating the ability to create a new API key, grant permissions to view existing API keys, delete API, request access to keys, or all three.

Now, there are two different API keys. Now, there's CLI stencil CLI keys, which developers existing users alike may use to develop your app requests the store that let us see and edit front-end things.

Using stencil local, it's really nice, blah, blah, blah, buzzwords, but it's great for developers. It also allows you to create a v2 v3 api key for your app developer. That's the type of API key that you would use to connect installed apps to your store through apps, so that the app can talk to your store and maybe create products or, you know, admin users or do something with your orders.

User Permissions

Whatever it is, this set of the user interface and account permissions lets your developer create the API key that they need for the purpose core functionality that they're looking to use it for. Right?

So this is kind of handy because it means that your developer doesn't have to bug you anymore, that it is high-risk permission, and that they can do some things in your store by communicating in and out of control of your data. But it does make it a lot easier for them to be able to create it on their own account on your behalf.

The delete would be a little bit of an optional permission, I would say. But if you want them to be able to clean up the existing API keys when they're no longer used, that would give them permission to do that by default.

So it's high-risk. But if you trust your developer, then you're probably okay giving them these. If you don't trust your developer,

Can you get a new developer? Alright, so this is one of the ways that they can get API keys.

This is an example of what high-risk user permissions are in big commerce.

I hope that clears it up. It's a really nice feature. It's a really small feature. But it's really handy to let your tech people handle and manage your API keys above permissions, which is totally their domain.

So I appreciate you guys being with me. I hope this helped you guys out. If you're interested in our courses or community, check out e-commerce amplifiers.

If you're interested in working with me or my team, hit us up at epicdesignlabs.com. Be sure to leave me a comment if this helped you guys out or if you're stuck or anything else. Let me know what you're stuck on. It might be my next video.

Alright, thank you so much.