In today's digital landscape, where software applications integrate various functionalities to provide seamless experiences, the need for robust security measures is paramount. The Stripo Plugin, a versatile tool that empowers users to create stunning templates and designs, takes an extra step to ensure both security and user control through its ingenious permissions system.

The Permissions Checker API is used to request permission from the client service (the host application that embeds the editor plugin) before the editor allows specific requests to be made to its server. This is done to avoid unauthorized access and actions by users who may attempt to influence the editor using hacking tools.
​
To make this feature accessible, you have to set up this backend endpoint on your server and add your data in the Plugin tab → Server settings → Permissions Checker API.

When choosing the Permissions Checker API option, you have to fill out the form to establish a connection with your backend. This is a description of the form fields with specifications regarding what information you will need to provide:

The client service sends initialization parameters, including those supplied in apiRequestData, when a customer starts the editor within the plugin application. These parameters help to identify the user and their environment.
​

Please take a look at the descriptions of the request parameters below:

Please take a look at the descriptions of the response parameters below:

​

During user interaction with the editor, particularly when they attempt actions like removing modules or accessing specific folders or tabs, the editor initiates permission requests to the plugin service. These requests, crafted with the provided parameters, essentially ask the plugin service whether the user has the green light for the requested action.
​
​

Let's imagine you would like to edit your module in the Plugin:

After you made some changes, you will receive this notification on your server:

The editor operates as an adept communicator, dispatching a tailored request to the plugin service. This request mirrors the defined parameters enshrined in the documentation. The question posed is both fundamental and transformative: "Is this user able to edit/delete modules and images?"

​

Based on the plugin service's response, the editor either shows or hides certain modules or pictures. If permission is granted, the user is allowed to interact with the requested content. If not, the user is denied access.
​
​

It's important to mention that the client application arms the responsibility of determining user access and implementing limitations. The client application maintains information about its user base, its roles, and permissions. To ensure that only authorized users can interact with particular templates or functionalities, it is in charge of starting the editor and coordinating the necessary calls.
​
​

An interesting note is that the editor itself cannot oversee or regulate the loading, modification, or saving of email templates. These operations are firmly under the control of the client application. It leverages the editor's functions to fetch and manipulate template code according to its own logic.
​
​

If a user in the client application should not have access to certain templates, the client application needs to implement the necessary logic to prevent unauthorized users from launching the editor for those templates.
​

More information about Permissions Checker API can be found in our documentation.
​
​

Thank you for taking the time to read our articles. We hope you will find this information helpful.

If you have any additional questions, please email us at support@stripo.email.

We would be glad to talk with you.