What are plugin permissions?
As a Crisp user, you may want to connect plugins to your website on Crisp, in order to extend it with features such as integrations to other SaaS you use, or community plugins that do a specific thing that is not available in the Crisp base software. Plugins may need to access your Crisp data, and modify it. Permissions restrict what they have access to, and provide you knowledge of what plugins do to your data.
Permissions can be viewed in the plugin details in your Crisp dashboard, for each plugin. While some plugins may only need to store some data values in your Crisp contacts, some more complex plugins may need to send messages through your Crisp, and even read your messages.
As you may need to install some community-built plugins in your Crisp website, you may obviously not feel confident to give them full access to your data. That is what permissions are for. Whenever a plugin developer publishes a plugin through our plugin Marketplace platform, the plugin goes through a review process with our team, where a justification needs to be written for each requested permission. We are very strict on this review process.
The plugin developer has by default no permission on its user data (ie. websites that installed the plugin). We ask each plugin developer to explicitly request permissions, which are very specific and narrow, in read or write mode (or both). For instance, a plugin may only need to send messages on your behalf but not read your messages, therefore it needs the inbox message permission, in write mode.
Plugin permissions are categorized in 3 groups: Messaging, Contacts and Website. Respectively, they give access to either your Crisp Inbox, Crisp CRM or website information.
All available permissions are listed below.
1. Messaging
website:conversation:initiate: create new conversations;
website:conversation:sessions: access conversation metadata (eg. email addresses);
website:conversation:suggest: suggest conversation information (eg. segments);
website:conversation:messages: access all conversation messages;
website:conversation:states: manage conversation states (eg. resolved, unresolved);
website:conversation:participants: manage conversation participants (ie. CC'ed people);
website:conversation:pages: access browsed pages;
website:conversation:events: list and push conversations events;
website:conversation:actions: perform actions on conversations (eg. send a transcript);
website:conversation:browsing: access MagicBrowse;
website:conversation:calls: access Crisp calls;
website:conversation:reminders: schedule reminders on conversations;
website:conversation:routing: manage assigned operators on conversations;
2. Contacts
website:people:statistics: access CRM statistics (eg. count of contacts in the CRM);
website:people:suggest: suggest CRM information (eg. segments);
website:people:profiles: access all people profiles;
website:people:conversations: list attached conversations for each profile;
website:people:events: list and push CRM events;
website:people:data: list and set CRM data;
website:people:subscriptions: manage the status of email subscriptions;
3. Website
bucket:url: upload files;
website:availability: access website availability data (eg. online operators);
website:operators: manage website operators (usually used to email operators about something);
website:settings: manage website settings;
website:verify: access website verify protected information (eg. signature key for the chatbox);
website:visitors: access website visitors;
Permissions can be viewed in the plugin details in your Crisp dashboard, for each plugin. While some plugins may only need to store some data values in your Crisp contacts, some more complex plugins may need to send messages through your Crisp, and even read your messages.
Why are plugin permissions important?
As you may need to install some community-built plugins in your Crisp website, you may obviously not feel confident to give them full access to your data. That is what permissions are for. Whenever a plugin developer publishes a plugin through our plugin Marketplace platform, the plugin goes through a review process with our team, where a justification needs to be written for each requested permission. We are very strict on this review process.
The plugin developer has by default no permission on its user data (ie. websites that installed the plugin). We ask each plugin developer to explicitly request permissions, which are very specific and narrow, in read or write mode (or both). For instance, a plugin may only need to send messages on your behalf but not read your messages, therefore it needs the inbox message permission, in write mode.
Which plugin permissions are available?
Plugin permissions are categorized in 3 groups: Messaging, Contacts and Website. Respectively, they give access to either your Crisp Inbox, Crisp CRM or website information.
All available permissions are listed below.
1. Messaging
website:conversation:initiate: create new conversations;
website:conversation:sessions: access conversation metadata (eg. email addresses);
website:conversation:suggest: suggest conversation information (eg. segments);
website:conversation:messages: access all conversation messages;
website:conversation:states: manage conversation states (eg. resolved, unresolved);
website:conversation:participants: manage conversation participants (ie. CC'ed people);
website:conversation:pages: access browsed pages;
website:conversation:events: list and push conversations events;
website:conversation:actions: perform actions on conversations (eg. send a transcript);
website:conversation:browsing: access MagicBrowse;
website:conversation:calls: access Crisp calls;
website:conversation:reminders: schedule reminders on conversations;
website:conversation:routing: manage assigned operators on conversations;
2. Contacts
website:people:statistics: access CRM statistics (eg. count of contacts in the CRM);
website:people:suggest: suggest CRM information (eg. segments);
website:people:profiles: access all people profiles;
website:people:conversations: list attached conversations for each profile;
website:people:events: list and push CRM events;
website:people:data: list and set CRM data;
website:people:subscriptions: manage the status of email subscriptions;
3. Website
bucket:url: upload files;
website:availability: access website availability data (eg. online operators);
website:operators: manage website operators (usually used to email operators about something);
website:settings: manage website settings;
website:verify: access website verify protected information (eg. signature key for the chatbox);
website:visitors: access website visitors;
Updated on: 15/02/2021
Thank you!