Permissions and Access Management

Permissions and Access Management allows you to define what actions each user can perform in the Stripo Plugin editor.

This ensures that only authorized users can view or modify emails, modules, or related resources.

All permissions are managed on your backend — the Stripo Plugin enforces them automatically.

How it works

1. Enable the User Permissions API in your Stripo Plugin account: Plugin → Server Settings → User Permissions API.

2. Provide your backend endpoint URL and Basic Authentication credentials.

   

3. When the editor is initialized, Stripo will call your endpoint with the ES‑PLUGIN‑UI‑DATA header, which contains the metadata you passed in the plugin initialization script.

4. Your backend must respond with a JSON object that specifies which actions are allowed for this user.

5. Based on the response, the Stripo editor will enable or disable features accordingly.

Response format

{
  "codeEditor": {
    "read": true,
    "write": false
  },
  "appearance": {
    "read": true,
    "write": false
  },
  "content": {
    "read": true,
    "write": false,
    "textOnly": false
  },
  "modules": {
    "read": true,
    "write": false
  },
  "versionHistory": {
    "read": true,
    "write": false
  },
  "manageOwnComments": {
    "read": true,
    "write": false
  },
  "manageAllComments": {
    "read": true,
    "write": false
  }
}

Permissions reference

The response object supports the following permission groups and actions:

Permission	Action	Description
codeEditor	read	Allows the user to open and view the HTML code editor.
	write	Allows the user to edit and save changes in the HTML code editor.
appearance	read	Allows viewing appearance settings (fonts, colors, styles).
	write	Allows modifying and saving appearance settings.
content	read	Allows opening and viewing template content.
	write	Allows modifying content (adding/removing blocks, changing layout, etc.).
	textOnly	Allows editing only text values without changing layout or design.
modules	read	Allows browsing and inserting custom/saved modules.
	write	Allows creating, updating, or deleting modules.
versionHistory	read	Allows viewing the template version history.
	write	Allows restoring the versions.
manageOwnComments	read	Allows the user to view the Comments tab and read existing comments. Without this permission, the Comments tab is hidden in the editor.
	write	Allows the user to add new comments, reply to existing ones, edit or delete their own comments, and resolve discussions. Requires read permission.
manageAllComments	read	Not currently utilized by the system.
	write	Allows users to edit and delete comments created by other users, providing moderation capabilities.

Example scenarios

• Full editing
  Grant read: true and write: true in all permissions.
• Read-only access
  Grant read: true and set all write: false.
• Text-only editing
  Grant content.read: true and content.textOnly: true, with content.write: false.

API Reference

For details on the request/response format, see User Permissions API → GET method.