Skip to content
This plugin is new and currently in beta. For the stable version, please use the previous version of the plugin.

Permissions and Access Management

Permissions and Access Management allows you to define what actions each user can perform in the Stripo Plugin editor.

This ensures that only authorized users can view or modify emails, modules, or related resources.

All permissions are managed on your backend — the Stripo Plugin enforces them automatically.

How it works

  1. Enable the User Permissions API in your Stripo Plugin account: Plugin → Server Settings → User Permissions API.

  2. Provide your backend endpoint URL and Basic Authentication credentials.

  3. When the editor is initialized, Stripo will call your endpoint with the ES‑PLUGIN‑UI‑DATA header, which contains the metadata you passed in the plugin initialization script.

  4. Your backend must respond with a JSON object that specifies which actions are allowed for this user.

  5. Based on the response, the Stripo editor will enable or disable features accordingly.

Response format

json
{
  "codeEditor": {
    "read": true,
    "write": false
  },
  "appearance": {
    "read": true,
    "write": false
  },
  "content": {
    "read": true,
    "write": false,
    "textOnly": false
  },
  "modules": {
    "read": true,
    "write": false
  },
  "versionHistory": {
    "read": true,
    "write": false
  }
}

Permissions reference

The response object supports the following permission groups and actions:

PermissionActionDescription
codeEditorreadAllows the user to open and view the HTML code editor.
writeAllows the user to edit and save changes in the HTML code editor.
appearancereadAllows viewing appearance settings (fonts, colors, styles).
writeAllows modifying and saving appearance settings.
contentreadAllows opening and viewing template content.
writeAllows modifying content (adding/removing blocks, changing layout, etc.).
textOnly Allows editing only text values without changing layout or design.
modulesreadAllows browsing and inserting custom/saved modules.
writeAllows creating, updating, or deleting modules.
versionHistoryreadAllows viewing the template version history.
writeAllows restoring the versions.

Example scenarios

  • Full editing
    Grant read: true and write: true in all permissions.
  • Read-only access
    Grant read: true and set all write: false.
  • Text-only editing
    Grant content.read: true and content.textOnly: true, with content.write: false.

API Reference

For details on the request/response format, see User Permissions API → GET method.