v1.0.0
OAS 3.0.3

User Permissions API

Stripo Support

This API specification describes the webhook endpoint that your server must implement to provide user permissions for the Stripo Email Editor.

The Stripo Plugin enforces role-based access control by calling your endpoint to retrieve permissions for each user session. This allows you to define granular access controls for different parts of the editor (code editor, appearance settings, content editing, modules, version history, and comments management).

How It Works:

  1. Configure the User Permissions API endpoint in your Stripo Plugin settings
  2. When a user opens the editor, Stripo calls your endpoint with user metadata
  3. Your server responds with a JSON object specifying which actions are allowed
  4. The editor enforces these permissions by enabling or disabling features

Authentication: HTTP Basic Authentication is required. Configure credentials in the plugin settings: Plugin → Server Settings → User Permissions API.

Performance: This endpoint is called during editor initialization, so response time should be optimized (recommended: < 500ms).


Methods

User permissions API endpoints

Get user permissions for email template

Retrieves the set of permissions granted to a specific user for a particular email template.

The Stripo editor calls this endpoint during initialization with user metadata in the ES-PLUGIN-UI-DATA header. Your server should:

  1. Parse the metadata to identify the user and email template
  2. Check the user's role and permissions in your system
  3. Return a JSON object specifying which editor features are accessible

Use Cases:

  • Restrict content editing for reviewers (read-only access)
  • Allow text-only editing for copywriters
  • Grant full access to administrators
  • Control comment creation and moderation capabilities
  • Manage module library access

Performance Considerations: This endpoint is called on every editor initialization, so responses should be fast (< 500ms recommended) and may be cached by your application.

Headers
  • ES-PLUGIN-UI-DATA
    Type: string
    required

    User and email template metadata that was passed during editor initialization. This header contains the metadata object you provided in the window.Stripo.init() call. It typically includes the email ID and any custom context data.

    The value is URL-encoded JSON. Your server should decode and parse this to identify the user and determine their permissions.

  • Cookies
    Type: string
    required

    Browser cookies from the user's session. Can be used for additional authentication or session validation if needed.

Responses
  • 200
    Type: object

    Complete set of user permissions for the email editor. Each permission group controls access to specific editor features and capabilities.

    Permission Groups:

    • codeEditor: HTML code editor access
    • appearance: Design and styling controls (fonts, colors, themes)
    • content: Template content editing (blocks, text, images, layout)
    • modules: Custom module library access (create, edit, delete saved modules)
    • versionHistory: Version control features (view history, restore versions)
    • manageOwnComments: Comment creation and participation
    • manageAllComments: Comment moderation and management

    Permission Logic:

    • read: false hides the feature from the UI entirely
    • read: true, write: false shows the feature but in read-only mode
    • read: true, write: true grants full access to the feature

    • appearance

      Standard permission value structure with read and write access flags. Used for most permission groups in the editor.

      • read
        Type: boolean

        Controls visibility and read access to the feature.

        true: User can view and access the feature (possibly in read-only mode)
        false: Feature is hidden from the user interface entirely

      • write
        Type: boolean

        Controls modification permissions for the feature.

        true: User can make changes and save modifications
        false: Feature is read-only (requires read: true)

        Note: write: true is meaningless if read: false

    • codeEditor

      Standard permission value structure with read and write access flags. Used for most permission groups in the editor.

      • read
        Type: boolean

        Controls visibility and read access to the feature.

        true: User can view and access the feature (possibly in read-only mode)
        false: Feature is hidden from the user interface entirely

      • write
        Type: boolean

        Controls modification permissions for the feature.

        true: User can make changes and save modifications
        false: Feature is read-only (requires read: true)

        Note: write: true is meaningless if read: false

    • content

      Extended permission value structure for content editing with an additional text-only editing mode. This allows fine-grained control over content editing capabilities.

      • read
        Type: boolean

        Controls visibility and read access to the template content.

        true: User can view the email template content
        false: User cannot access the template content at all

      • textOnly
        Type: boolean

        Enables text-only editing mode for copywriters and translators.

        true: User can edit text content within existing blocks but cannot modify layout, add/remove blocks, or change design elements. Perfect for copywriters and translators who should focus only on content.

        false: Standard editing mode (controlled by write permission)

        Important: When textOnly: true, the write permission should be false. The textOnly flag provides a special editing mode separate from full write access.

      • write
        Type: boolean

        Controls full content modification permissions.

        true: User can add/remove blocks, change layout, edit text, modify images, and make any structural changes to the template

        false: User cannot make structural changes (but may still edit text if textOnly: true)

    • manageAllComments

      Standard permission value structure with read and write access flags. Used for most permission groups in the editor.

      • read
        Type: boolean

        Controls visibility and read access to the feature.

        true: User can view and access the feature (possibly in read-only mode)
        false: Feature is hidden from the user interface entirely

      • write
        Type: boolean

        Controls modification permissions for the feature.

        true: User can make changes and save modifications
        false: Feature is read-only (requires read: true)

        Note: write: true is meaningless if read: false

    • manageOwnComments

      Standard permission value structure with read and write access flags. Used for most permission groups in the editor.

      • read
        Type: boolean

        Controls visibility and read access to the feature.

        true: User can view and access the feature (possibly in read-only mode)
        false: Feature is hidden from the user interface entirely

      • write
        Type: boolean

        Controls modification permissions for the feature.

        true: User can make changes and save modifications
        false: Feature is read-only (requires read: true)

        Note: write: true is meaningless if read: false

    • modules

      Standard permission value structure with read and write access flags. Used for most permission groups in the editor.

      • read
        Type: boolean

        Controls visibility and read access to the feature.

        true: User can view and access the feature (possibly in read-only mode)
        false: Feature is hidden from the user interface entirely

      • write
        Type: boolean

        Controls modification permissions for the feature.

        true: User can make changes and save modifications
        false: Feature is read-only (requires read: true)

        Note: write: true is meaningless if read: false

    • versionHistory

      Standard permission value structure with read and write access flags. Used for most permission groups in the editor.

      • read
        Type: boolean

        Controls visibility and read access to the feature.

        true: User can view and access the feature (possibly in read-only mode)
        false: Feature is hidden from the user interface entirely

      • write
        Type: boolean

        Controls modification permissions for the feature.

        true: User can make changes and save modifications
        false: Feature is read-only (requires read: true)

        Note: write: true is meaningless if read: false

Request Example for get/
curl / \
  --header 'ES-PLUGIN-UI-DATA: {"emailId":"456","projectId":"789"}' \
  --header 'Cookies: sessionId=abc123;'
Response Example (200)
{
  "codeEditor": {
    "read": true,
    "write": true
  },
  "appearance": {
    "read": true,
    "write": true
  },
  "content": {
    "read": true,
    "write": true,
    "textOnly": false
  },
  "modules": {
    "read": true,
    "write": true
  },
  "versionHistory": {
    "read": true,
    "write": true
  },
  "manageOwnComments": {
    "read": true,
    "write": true
  },
  "manageAllComments": {
    "read": true,
    "write": true
  }
}
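
A handler for this webhook, as an added example that is not Stripo's own code: it checks the Basic credentials in constant time, decodes the URL-encoded ES-PLUGIN-UI-DATA value, and builds a deny-by-default response that keeps to the read/write/textOnly rules above. The role table, the `lookup_role` callback, the credentials and all function names are assumptions for illustration.

```python
import base64, hmac, json
from urllib.parse import unquote
GROUPS = ("codeEditor", "appearance", "content", "modules",
          "versionHistory", "manageOwnComments", "manageAllComments")
# Hypothetical role table (assumption): anything not listed is denied.
ROLES = {
    "admin": {g: {"read": True, "write": True} for g in GROUPS},
    "copywriter": {"content": {"read": True, "textOnly": True}},
    "reviewer": {"content": {"read": True},
                 "manageOwnComments": {"read": True, "write": True}},
}
# Constructed sample: URL-encoded form of the metadata in the request example.
SAMPLE_UI_DATA = "%7B%22emailId%22%3A%22456%22%2C%22projectId%22%3A%22789%22%7D"

def basic_auth_ok(header, user, password):
    """Check an HTTP Basic Authorization header in constant time."""
    try:
        scheme, token = (header or "").split(" ", 1)
        supplied = base64.b64decode(token, validate=True)
    except ValueError:  # malformed header or invalid base64
        return False
    expected = f"{user}:{password}".encode()
    return scheme.lower() == "basic" and hmac.compare_digest(supplied, expected)

def build_permissions(role):
    """Deny-by-default response that follows the documented flag rules."""
    grants, out = ROLES.get(role, {}), {}
    for group in GROUPS:
        want = grants.get(group, {})
        read = want.get("read") is True
        write = read and want.get("write") is True  # write needs read
        out[group] = {"read": read, "write": write}
    content = out["content"]
    content["textOnly"] = content["read"] and grants.get("content", {}).get("textOnly") is True
    if content["textOnly"]:
        content["write"] = False  # textOnly: true goes with write: false
    return out

def handle(auth_header, ui_data_header, lookup_role, user="stripo", password="change-me"):
    """Return (status, body); lookup_role (assumption) maps metadata to a role."""
    if not basic_auth_ok(auth_header, user, password):
        return 401, None
    try:
        meta = json.loads(unquote(ui_data_header))
    except (TypeError, ValueError):  # header missing or not URL-encoded JSON
        return 400, None
    if not isinstance(meta, dict):
        return 400, None
    return 200, build_permissions(lookup_role(meta))
```

An unknown or missing role yields `read: false` for every group, so a lookup failure hides features instead of exposing them.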

Models