Why the Data Role is discontinued and steps to take as a Developer
Who is this article for?
This article is intended for Developers who have previously had a Data Role in their clients' Commerce7 accounts.
What is happening?
As of June 3, 2024, we will no longer allow the use of the "Data" role for clients that have been live for 60+ days. If you are using the role for data migration purposes, the 60-day window gives you a brief period after launch to make adjustments. If you are currently using the role for your integration, we ask that you create an app before June 3, 2024 to replace it so that your integration will continue to work. After the 60 days, API access through this role will be denied.
Why are we making changes?
The account "Data" role is intended to be used for migrating data for new clients, but we see many developers using it to gain access to client data for integrations. The Data role grants full privileges to all of the client's information, which increases the security risk for both them and you.
We believe in least-privilege access and want to ensure that clients are able to grant you only the access necessary without putting them (or yourselves) at risk.
Steps to take
If you have an active integration with Commerce7 and are currently using the Data role, here's what you need to do before the deadline:
- Create an app through the Commerce7 App Development Center
- Select the type of app:
  - For public integrations, choose a type of "Integration". Once the app is published, it will be available on the Commerce7 App Store to install, which also lets you increase your marketing exposure and grow your client base.
  - If you don't want your app or integration to be public, select a type of "Private". This will allow you to enter which clients can see and install it through the App Store without making it public for all.
- Update your authentication: Keep using Basic Auth, but replace the username/email and password with the "App ID" as the username and the "App Secret Key" as the password. You'll still pass the tenant ID in the header as you were doing previously.
- Select API endpoints required: In your app version, select which API endpoints you need access to. When the client installs the app, it will grant you this access.
- Submit your app: Once your app is ready, submit it to the Commerce7 team. You'll also need to add some content for the App Store. Once it's been approved, it will be published and available for clients to install.
- Clients should now install your app and remove your Data role access under Settings > Accounts. Installing the app will grant you the permissions needed to integrate, but in a much more secure way.
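
The authentication change in the steps above, as an added example that is not Commerce7's own code: it builds app-based Basic Auth headers and rejects a leftover email-style login so an integration cannot quietly keep using Data role credentials. The base URL, the "tenant" header name, the /customer path and the C7_APP_ID / C7_APP_SECRET variable names are assumptions to confirm against the API documentation; the email check is a heuristic.

```python
import base64
import os
import urllib.request

API_BASE = "https://api.commerce7.com/v1"  # assumed base URL; confirm in the API docs
TENANT_HEADER = "tenant"                   # assumed header name for the tenant ID


def build_auth_headers(app_id, app_secret, tenant_id):
    """Return request headers for app-based Basic Auth."""
    if not (app_id and app_secret and tenant_id):
        raise ValueError("App ID, App Secret Key and tenant ID are all required")
    # Heuristic: a leftover Data role login is often a user email. Refuse it so
    # the integration cannot silently keep using the full-privilege account.
    if "@" in app_id:
        raise ValueError("username looks like a user email, not an App ID")
    if ":" in app_id:
        raise ValueError("a Basic Auth username cannot contain ':'")
    raw = f"{app_id}:{app_secret}".encode("utf-8")
    token = base64.b64encode(raw).decode("ascii")
    return {"Authorization": f"Basic {token}", TENANT_HEADER: tenant_id}


def build_request(path, tenant_id, env=os.environ):
    """Build (but do not send) a GET request with credentials from the environment."""
    headers = build_auth_headers(
        env.get("C7_APP_ID", ""), env.get("C7_APP_SECRET", ""), tenant_id
    )
    url = f"{API_BASE}/{path.lstrip('/')}"
    return urllib.request.Request(url, headers=headers, method="GET")


def redact(headers):
    """Copy of the headers that is safe to log: the Authorization value is masked."""
    return {
        k: ("Basic ***" if k.lower() == "authorization" else v)
        for k, v in headers.items()
    }


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    sample_env = {"C7_APP_ID": "example-app", "C7_APP_SECRET": "constructed-secret"}
    req = build_request("/customer", "example-tenant", env=sample_env)
    print(req.full_url, redact(dict(req.header_items())))
```

Keeping the App Secret Key in the environment or a secrets manager, and logging only the redacted headers, keeps it out of source control and log files.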