Best Practice: Recommended User Permissions for External Post Vendors

How to configure user permissions when using Creative Force’s External Post API

Written by Bri H.
Updated over a week ago

When a vendor connects using the External Post Vendor API, the system allows a client's credentials to be used to authenticate the integration. You can read more on getting started with Client Credentials Flow in Creative Force here.

As a best practice, we recommend setting up a new, dedicated user account and registering the app on its behalf, rather than using an active account or existing user. This ensures that permissions and client access can be restricted to only those required for connecting to Creative Force’s Gateway API. It is the recommended approach from a security standpoint because it helps to reduce the chance of potential data leaks.

Below, we’ll cover the recommended approach when setting up this user account in Creative Force.

Create a New User Role

First, you’ll need to create a new User Role that you will assign to the External Post API Vendor’s user. You can name this Role whatever you prefer; in our example below, we’ve called it “External Post API”.

Next, you’ll determine the access the user assigned to this User Role will have. It is recommended that you only allow the necessary permissions for the External Post API integration, which can be found under the Developer API tab of the User Role settings screen.

The External Post API user will need Edit access for the following permissions:

  • GET /extpost/tasks/{taskId}
  • POST /assets/bulk-get-assets
  • POST /files/bulk-get-files
  • POST /specs/bulk-get-specs
  • PUT /extpost/tasks/{taskId}/start
  • POST /assets/get-presigned-url
  • POST /extpost/tasks/{taskId}/submit-assets

  • GET v1/jobs/{jobId}
  • GET v1/products/{productId}

  • GET /editorial/extpost/tasks/{taskId}
  • POST /assets/bulk-get-assets
  • POST /files/bulk-get-files
  • POST /editorial/specs/bulk-get-specs
  • PUT /editorial/extpost/tasks/{taskId}/start
  • POST /assets/get-presigned-url
  • POST /editorial/extpost/tasks/{taskId}/submit-assets

  • GET /editorial/projects/{projectId}
  • GET /editorial/deliverables/{deliverableId}
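
To review a role against the list above, the following added example (not Creative Force code) reports grants that go beyond the recommended set and recommended grants that are missing, and checks whether a concrete request falls inside the set. It assumes you have copied the role's enabled Developer API permissions out as "METHOD path" strings; `audit_role`, `in_scope` and the sample data are hypothetical names constructed for this illustration.

```python
import re

# Permissions this page lists for the External Post API role (duplicates merged).
RECOMMENDED = """
GET /extpost/tasks/{taskId}
POST /assets/bulk-get-assets
POST /files/bulk-get-files
POST /specs/bulk-get-specs
PUT /extpost/tasks/{taskId}/start
POST /assets/get-presigned-url
POST /extpost/tasks/{taskId}/submit-assets
GET v1/jobs/{jobId}
GET v1/products/{productId}
GET /editorial/extpost/tasks/{taskId}
POST /editorial/specs/bulk-get-specs
PUT /editorial/extpost/tasks/{taskId}/start
POST /editorial/extpost/tasks/{taskId}/submit-assets
GET /editorial/projects/{projectId}
GET /editorial/deliverables/{deliverableId}
"""

def normalize(entry):
    """'METHOD path' -> (METHOD, /path) with placeholder names erased."""
    method, path = entry.split(None, 1)
    path = "/" + path.strip().strip("/")
    return method.upper(), re.sub(r"\{[^}]*\}", "{}", path)

ALLOWED = {normalize(line) for line in RECOMMENDED.strip().splitlines()}

def audit_role(granted):
    """Return (excess, missing) grants relative to the recommended set."""
    active = {normalize(g) for g in granted}
    return sorted(active - ALLOWED), sorted(ALLOWED - active)

def in_scope(method, path):
    """True if a concrete request (real IDs in the path) matches a listed permission."""
    m, p = normalize(f"{method} {path}")
    return any(m == am and re.fullmatch("[^/]+".join(map(re.escape, ap.split("{}"))), p)
               for am, ap in ALLOWED)

# Constructed sample: one recommended grant missing, one made-up extra grant.
SAMPLE_GRANTS = [g for g in RECOMMENDED.strip().splitlines() if "products" not in g]
SAMPLE_GRANTS.append("delete example/not-on-the-list/{id}")

if __name__ == "__main__":
    excess, missing = audit_role(SAMPLE_GRANTS)
    print("remove from role:", excess)
    print("still to grant:", missing)
    print(in_scope("PUT", "/extpost/tasks/123/start"))
```

Anything reported as excess is a permission the vendor integration does not need according to this page and is a candidate for removal from the role.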

Create New User

Once you’ve created the User Role, you can head to Studio Settings > Users and create the User account for the External Post API vendor. Again, it is best practice to use a new email and user that is not already active in the account. Under Settings > User Role, you will select the External Post API role created above.

Once the user has been created, you’ll want to ensure that all Skills are disabled.

Lastly, you’ll need to determine the client access under the User Groups tab. We recommend enabling access only for the clients this vendor will be working with.

Add to registered app

Once user setup is complete, you can register the App on behalf of the External Post API User account.
