There are three access level currently available to API users.
Admin users have access to all API endpoints without any limitations. This includes the ability to create campaigns, change campaign rules and limitations, add vouchers, and create redemptions. Admin users are able to make changes to objects created by other users.
Point of distribution users can access only a single endpoint which returns vouchers based on provided criteria. Vouchers can belong to any active campaign. This user type is meant to be used in a scenario where an API client is supposed to only distribute vouchers to customers.
Point of sale users are limited to performing CRUD operations on redemptions only. This type of user is meant to be used in point of sale scenarios.
When building your integration make sure to pick user type and associated access token most appropriate for your use case. Admin access tokens should be handled with extreme care as they provide unrestricted access to Vouchery API and your data. Never expose the admin credentials to the user, like in a web or mobile application code, as those can be easily inspected and decompiled revealing the API keys.