Reading Permissions


This endpoint will be discontinued soon. Use Orders instead.


Make sure you enable this API endpoint for your store by going to Settings -> Integrations in your administration dashboard and ticking the option Enable reading permissions.


Make sure to always provide a Fallback URL.

Base URL

All of the following endpoints operate over the URL of your store:



'Content-Type': 'application/json',
'Accept': 'application/json',
'X-User-Token': api_token,

Make sure you have generated the api_token on your store. More info HERE


Set specific reading permissions for individual users on your platform

POST integration-api/v1/reading-permissions

Body parameters

user_external_id | string | Is nullable
user_email | string, email | Is nullable
issues_external_ids | list of strings | Can be empty
issues_collections | list of strings | Can be empty
user_token | string | Use the same as in your header

Example body

{
  "user_external_id": "user_external_id",
  "user_email": "[email protected]",
  "issues_external_ids": ["r4asJKDP785w", "snBDRZOa6u8E"],
  "issues_collections": ["coleccion-1", "coleccion-2"],
  "user_token": "your_api_token"
}

  • At least one way to identify the user is required. Make sure to send at least one of these two fields: user_external_id or user_email.
  • You can overwrite the user's access by making another request.

Provide a fallback URL

A Fallback URL is a URL that our system requests when data is missing. If the system cannot find any permissions for a user at the moment that user logs in, it immediately makes a request to the appropriate Fallback URL, including the email and external_id of the user in the query string (URL encoded), for example:

GET https://{your_endpoint}[email protected]&user_external_id=ee8a8cb5-9cff-442c-9d78-3e65cc10b114

The response must consist of an object with the following structure:

{
  "issues_external_ids": ["r4asJKDP785w", "snBDRZOa6u8E"],
  "issues_collections": ["coleccion-1", "coleccion-2"]
}


issues_external_ids | list of strings | can be empty
issues_collections | list of strings | can be empty

In the case of a timeout or an error in the validation of the response, the system will only allow the user to access free publications.


The system currently doesn’t support authentication methods that involve dynamic credentials or credentials with an expiration period, such as JWT.


It’s recommended that responses take at most 100ms, in order to ensure a good user experience. A 10-second timeout will be applied, after which the request will be considered failed.
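
A minimal fallback endpoint that accepts the URL-encoded query string and returns the response object described above, as an added example that is not part of the original documentation. The `user_email` parameter name, the `/fallback` path, the 400 response for a request without any identifier, and the in-memory sample data are assumptions.

```python
import json
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit, parse_qs

# Constructed sample data: permissions keyed by external id and by e-mail.
BY_EXTERNAL_ID = {
    "ee8a8cb5-9cff-442c-9d78-3e65cc10b114": {
        "issues_external_ids": ["r4asJKDP785w", "snBDRZOa6u8E"],
        "issues_collections": ["coleccion-1"],
    },
}
BY_EMAIL = {
    "reader@example.com": {
        "issues_external_ids": [],
        "issues_collections": ["coleccion-2"],
    },
}
EMPTY = {"issues_external_ids": [], "issues_collections": []}


def fallback_response(request_target: str) -> tuple[int, str]:
    """Return (HTTP status, JSON body) for a fallback GET request target."""
    query = parse_qs(urlsplit(request_target).query)  # decodes %40 and similar
    external_id = query.get("user_external_id", [""])[0].strip()
    # "user_email" is an assumed parameter name (see lead-in).
    email = query.get("user_email", [""])[0].strip().lower()
    if not external_id and not email:
        return 400, json.dumps({"error": "no user identifier"})
    # Unknown users get empty lists, which the response format allows.
    perms = BY_EXTERNAL_ID.get(external_id) or BY_EMAIL.get(email) or EMPTY
    # Emit exactly the two documented keys, each a list of strings.
    body = {key: [str(v) for v in perms[key]] for key in EMPTY}
    return 200, json.dumps(body)


class FallbackHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        status, body = fallback_response(self.path)
        payload = body.encode("utf-8")
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)


if __name__ == "__main__":
    # Local test server only; the in-memory lookup keeps responses fast.
    HTTPServer(("127.0.0.1", 8080), FallbackHandler).serve_forever()
```
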