There are four access user levels available in this version of the API:
SuperAdmin Users are only available in Enterprise Accounts. Such User has access to managing all account projects and their settings, as well as the company details. SuperAdmins have access to every account project and all features.
Admin users have access to all API endpoints without any limitations. This includes the ability to create campaigns, change campaign rules and limitations, add vouchers, and create redemptions. Admin users are able to make changes to objects created by other users.
Point of distribution users can access only a single endpoint which returns vouchers based on provided criteria. Vouchers can belong to any active campaign. This user type is meant to be used in a scenario where an API client is supposed to only distribute vouchers to customers.
Point of sale users are limited to performing operations on redemptions only. This type of user is meant to be used in point-of-sale scenarios and does not have access to create campaigns.
Handling integration access
When building your integration make sure to pick the user type and associated access token most appropriate for your use case. Admin access tokens should be handled with extreme care as they provide unrestricted access to Vouchery API and your data. Never expose the admin credentials to the user, like in a web or mobile application code, as those can be easily inspected and decompiled revealing the API keys.
Ideally, create a separate Admin User, in which the API key is added to the Redemption integration.
Additionally, the User Roles can be restricted to:
Project(s), where the User will have access only to specified projects
Team(s), where the User will have access only to campaigns that belong to the User's Team
Campaign(s), where the User will have access only to the campaigns created by this User