All Collections
Plugin Questions
(Plugin) How to manage user behavior using the Permission Checker API?
(Plugin) How to manage user behavior using the Permission Checker API?

This article helps you to understand the process of working with the Permission Checker API and managing user permissions.

Elmira avatar
Written by Elmira
Updated over a week ago

In today's digital landscape, where software applications integrate various functionalities to provide seamless experiences, the need for robust security measures is paramount. The Stripo Plugin, a versatile tool that empowers users to create stunning templates and designs, takes an extra step to ensure both security and user control through its ingenious permissions system.

Access control and user authorization:

The Permissions Checker API is used to request permission from the client service (the host application that embeds the editor plugin) before the editor allows specific requests to be made to its server. This is done to avoid unauthorized access and actions by users who may attempt to influence the editor using hacking tools.

To make this feature accessible, you have to set up this backend endpoint on your server and add your data in the Plugin tab Server settings Permissions Checker API.

When choosing the Permissions Checker API option, you have to fill out the form to establish a connection with your backend. This is a description of the form fields with specifications regarding what information you will need to provide:

Initialization and Parameter Passing:

The client service sends initialization parameters, including those supplied in apiRequestData, when a customer starts the editor within the plugin application. These parameters help to identify the user and their environment.

Please take a look at the descriptions of the request parameters below:

Please take a look at the descriptions of the response parameters below:

Permission Requests:

During user interaction with the editor, particularly when they attempt actions like removing modules or accessing specific folders or tabs, the editor initiates permission requests to the plugin service. These requests, crafted with the provided parameters, essentially ask the plugin service whether the user has the green light for the requested action.

Let's imagine you would like to edit your module in the Plugin:

After you made some changes, you will receive this notification on your server:

Plugin Service Verification:

The editor operates as an adept communicator, dispatching a tailored request to the plugin service. This request mirrors the defined parameters enshrined in the documentation. The question posed is both fundamental and transformative: "Is this user able to edit/delete modules and images?"

Editor Behavior:

Based on the plugin service's response, the editor either shows or hides certain modules or pictures. If permission is granted, the user is allowed to interact with the requested content. If not, the user is denied access.

Client Application Responsibility:

It's important to mention that the client application arms the responsibility of determining user access and implementing limitations. The client application maintains information about its user base, its roles, and permissions. To ensure that only authorized users can interact with particular templates or functionalities, it is in charge of starting the editor and coordinating the necessary calls.

Managing Template-Modifications:

An interesting note is that the editor itself cannot oversee or regulate the loading, modification, or saving of email templates. These operations are firmly under the control of the client application. It leverages the editor's functions to fetch and manipulate template code according to its own logic.

Restrictions implementation:

If a user in the client application should not have access to certain templates, the client application needs to implement the necessary logic to prevent unauthorized users from launching the editor for those templates.

More information about Permissions Checker API can be found in our documentation.

In conclusion, the Permissions Checker API serves as a communication bridge between the editor plugin and the client service, enabling permission-based control of access for specific actions. The client application is in charge of user identification, authorization, and enforcing access limitations based on its own user management system.

Thank you for taking the time to read our articles. We hope you will find this information helpful.

If you have any additional questions, please email us at

We would be glad to talk with you.

Did this answer your question?