-
Notifications
You must be signed in to change notification settings - Fork 0
Api: Scope
API access is partitioned on the Product level and not the user level
Products are meant to be the atomic level of API access
We do this for security reasons. Usually every site will have a different “product” attached to them.
By granting API access per product we guarantee that no website will have access to data out of its jurisdiction.
In the case where a website has more than one products, like an upgrade plan, we'd like to support the idea of a feature-centric approach to designing your plans instead of the traditional membership plans which are an aggregation of features.
For example, instead of having a "premium" membership which includes all the features of the basic membership plus some additional features, create a membership that grants users access to specific features, with no prerequisite of subscribing to other plans.
That way you should treat each API access like a separate data table and, for example
- Users that subscribe to feature A -> $api1
- Users that subscribe to feature B -> $api2