Added identity providers —
Check the API reference
LogoLogo
Other APIsChangelog
  • Welcome to Provisioning API
  • Getting started
    • API specification
    • Authorization
    • Applications
  • API reference
    • API credentials
      • The API credential object
      • Create an API credential
      • List all API credentials
      • Retrieve an API credential
      • Update an API credential
      • Delete an API credential
    • Application memberships
      • The application membership object
      • Create an application membership
      • List all application memberships
      • Retrieve an application membership
      • Update an application membership
      • Delete an application membership
    • Identity providers
      • The identity provider object
      • Create an identity provider
      • List all identity providers
      • Retrieve an identity provider
      • Update an identity provider
      • Delete an identity provider
    • Memberships
      • The membership object
      • Create a membership
      • List all memberships
      • Retrieve a membership
      • Update a membership
      • Delete a membership
    • Membership profiles
      • The membership profile object
      • Create a membership profile
      • List all membership profiles
      • Retrieve a membership profile
      • Update a membership profile
      • Delete a membership profile
    • Organizations
      • The organization object
      • Create an organization
      • List all organizations
      • Retrieve an organization
      • Update an organization
    • Permissions
      • The permission object
      • Create a permission
      • List all permissions
      • Retrieve a permission
      • Update a permission
    • Roles
      • The role object
      • Create a role
      • List all roles
      • Retrieve a role
      • Update a role
    • User
      • The user object
      • Retrieve the user
      • Update the user
    • Versions
      • The version object
      • List all versions
      • Retrieve a version
On this page
  • Permissions
  • Adding restrictions
  1. API reference

Application memberships

The application membership object and the allowed CRUD operations on the related resource endpoint

PreviousDelete an API credentialNextThe application membership object

Last updated 6 days ago

Application memberships connect the of a user of an to a specific , via the related with determined permissions granted by the associated .

You can assign one or more members of an organization a set of application memberships by creating a dedicated .

Please note that only Admins (i.e. users with an admin role) can perform all the CRUD actions on the application memberships of an organization, while Members (i.e. users with a read_only or custom role) are allowed only to a specific application membership and/or to of application memberships.

When you send a GET request to the application_memberships endpoint, all your application memberships plus all the organization memberships of the organizations of which you are an admin will be returned.

Permissions

Since each Dashboard app comes with its own set of in terms of CRUD actions on the single Core API resources, to get the real permissions of the user on the specific app the permissions associated with the role used to create an application membership must be crossed with the app's ones. For example:

  • admin roles will get the Full access permissions of the related app

  • read_only roles will get the Read-only permissions of the related app

  • custom roles will get their custom permissions as long as they are a subset of the Full access list of permissions of the related app

Adding restrictions

You can add some restrictions to the default rules above narrowing the scope of an application membership and granting specific users Partial access to specific apps (e.g. allowing a user to manage only the shipments identified by an ID included in a specific array, allowing a user to update only the orders belonging to a specific market, etc.) by leveraging the filters attribute:

...
  "filters": {
    "{{predicate}}": {{value}},
    ...
  }

To compose the filter predicate, you just need to follow the you use when filtering a collection of Core API resources — {{attributes}}_{{matcher}}. You must specify filtering rules as a valid JSON object. List values for the *_in matcher need to be expressed as arrays.

membership
organization
Dashboard app
role
membership profile
retrieve
fetch a list
Applications
API credential
same syntax
permissions