Help Center

Improved

Fixed

pelcro

Backlog

Planned

In Progress

Done

Available

In Planning

High Priority

Low Priority

Product Board

User/Growth Ideas

Discovery Board

front-end

backend

Accounting

New Ideas 💡

Discovery

Tech Planning

In Sprint

Pelcro Roadmap

Hey {name|there}! 👋

🔍 Problem StatementAll Pelcro API keys have full access to every resource and action. There is no way to restrict an API key to specific endpoints or operations, which creates unnecessary security exposure — especially when sharing keys with third-party integrators or internal tools with limited scope.<hr>💡 User StoryAs a Pelcro admin, I want to assign granular access controls (scopes) to individual API keys, so that each key is limited to only the resources and actions it needs — reducing security risk.<hr>🎯 Definition of Done (DoD)A feature is done when:✔️ Given API key creation or editing, when an admin selects specific permission scopes (e.g. read-only subscriptions, write invoices), then the key is restricted to those scopes — and any request outside the allowed scopes returns a 403 Forbidden error.

Ability to assign granular access controls to API keys.

Sara Habib

Pelcro

Ability to assign granular access controls to API keys.

Subscribe to post

Subscribe to post