API key - more permission granularity


There are not many different permissions for API keys. Actually, for any data manipulation a full access key must be used.

For example, we want to write code that creates a new user and a subscription for him, but doesn't do editing or deletion. Currently we are forced to use a key with full access, thus risking our data.

It would be much better to have a different permission for each kind of action.


Hey Pirozhkov,

For your use case, you could set the permission as "Publishable Key" while creating the API Key. This would allow you to create API calls such as Create a subscription, Checkout new subscription etc.

Here's a screenshot for your reference:

I tried, here is the code:
$key = 'test_gdgdted64356ed534rer'; // publishable key
ChargeBee_Subscription::createForCustomer('12345', ['id' => 'qwerty', 'planId' => 'plan']);


but got an error:
PHP Fatal error:  Uncaught exception 'ChargeBee_APIError' with message 'Sorry, authorization failed. The key does not have the required permissions' in /root/workspace/webhook/lib-bee/ChargeBee/Curl.php:101

While the full access key works well.


Hey Pirozhkov,

Unfortunately, the publishable key would not work for the "Create a customer" and "Create Subscription for a customer" API calls at the moment, sorry.

I've notified our engineering team regarding this and they would include the API calls under this branch key during a future revamp. We'll certainly reach out to you once it is made available.
