Frontend API Restrictions
Enable access to various frontend API endpoints and individually configure user permissions and access rules.
Misc APIs
This section provides access to frontend APIs not relating to modules (which have their own separate permissions).
Google Analytics Report
These settings allow you to enable/disable access to the Google Analytics API data for frontend users and to control the type of users that can access it.
Logged in users (default)
Specifies that the user needs to be logged in to perform this action.
Users from the following secure zones
Specifies that the user needs to be logged in to one of the selected secure zones to perform this action.
Admin Users
Specifies that the logged in user needs to be of an 'Admin User' role in the CRM to perform this action.
Secure Zone Subscribers Analytics
These settings allow you to enable/disable access to the Secure Zone Subscribers API data for frontend users and to control the type of users that can access it.
Logged in users (default)
Specifies that the user needs to be logged in to perform this action.
Users from the following secure zones
Specifies that the user needs to be logged in to one of the selected secure zones to perform this action.
Admin Users
Specifies that the logged in user needs to be of an 'Admin User' role in the CRM to perform this action.
Module APIs
For frontend site users, permissions can be set to control how they can interact with the frontend APIs used for creating and/or modifying module items.
Each of your site's modules will be listed here, of which the following settings are available when clicking on the pencil icon ().
For ease of finding the appropriate module, a search field is available for the list of items.
Create Module Item
The following options relate specifically to the 'Create Module Item' action.
Workflow
The workflow notification/s that will be triggered upon a user taking this action.
Multiple workflows can be selected and will all be triggered at the same time.
Autoresponder
The autoresponder is an email sent out to the user after the form has been submitted from the front-end of the website.
Determines who's email address to use for delivery of the autoresponder email.
Form sender
Use the email address of the user submitting the form.
Item owner
Use the email address of the assigned module item's owner.
Sender and owner
Use both email addresses of the user submitting the form and module item's owner.
If the autoresponder relates to the 'Create Module Item' action, both 'form sender' and 'item owner' will be the same. Therefore, all options will result in the same autoresponder delivery.
The display name used for the email sender.
This field supports Liquid which can be used to insert dynamic content such as member details, form submission details or even data from other modules.
If using a non-verified email domain you’ll see a warning message and icon (). For more info on Email Domain verification see here.
The subject line used for the autoresponder email.
This field supports Liquid which can be used to insert dynamic content such as member details, form submission details or even data from other modules.
The content of your autoresponder email.
This field supports Liquid which can be used to insert dynamic content such as member details, form submission details or even data from other modules.
API Restrictions
Here you can allow website users to submit, or otherwise manipulate, the Module's items from the front-end of the website. Furthermore, these options allow you to control the permissions those users have.
Logged in users (default)
Specifies that the user needs to be logged in to perform this action.
Users from the following secure zones
Specifies that the user needs to be logged in to one of the selected secure zones to perform this action.
Admin Users
Specifies that the logged in user needs to be of an 'Admin User' role in the CRM to perform this action.
To facilitate module item editing from the front-end you’ll need to add the ‘Create/Update/Delete Item’ form/s (found in the Components Manager) to your layouts or pages, or otherwise pass the required item data to the API endpoints.
Update Module Item
The following options relate specifically to the 'Update Module Item' action.
Workflow
The workflow notification/s that will be triggered upon a user taking this action.
Multiple workflows can be selected and will all be triggered at the same time.
Autoresponder
The autoresponder is an email sent out to the user after the form has been submitted from the front-end of the website.
Determines who's email address to use for delivery of the autoresponder email.
Form sender
Use the email address of the user submitting the form.
Item owner
Use the email address of the assigned module item's owner.
Sender and owner
Use both email addresses of the user submitting the form and module item's owner.
If the autoresponder relates to the 'Create Module Item' action, both 'form sender' and 'item owner' will be the same. Therefore, all options will result in the same autoresponder delivery.
The display name used for the email sender.
This field supports Liquid which can be used to insert dynamic content such as member details, form submission details or even data from other modules.
If using a non-verified email domain you’ll see a warning message and icon (). For more info on Email Domain verification see here.
The subject line used for the autoresponder email.
This field supports Liquid which can be used to insert dynamic content such as member details, form submission details or even data from other modules.
The content of your autoresponder email.
This field supports Liquid which can be used to insert dynamic content such as member details, form submission details or even data from other modules.
API Restrictions
Here you can allow website users to submit, or otherwise manipulate, the Module's items from the front-end of the website. Furthermore, these options allow you to control the permissions those users have.
Logged in users (default)
Specifies that the user needs to be logged in to perform this action.
Users from the following secure zones
Specifies that the user needs to be logged in to one of the selected secure zones to perform this action.
Admin Users
Specifies that the logged in user needs to be of an 'Admin User' role in the CRM to perform this action.
Only Owner allowed (default)
Restricts this action to only the item's owner.
Anyone allowed
Permits this action for any user regardless of the item's ownership.
The above 'Allowed to the Following Type of User' permission is used in conjunction with this option. eg: If you've selected a specific Secure Zone required for the types of users and selected only the owner can update, the owner must also belong to the selected secure zone to have permission to access the endpoint.
To facilitate module item editing from the front-end you’ll need to add the ‘Create/Update/Delete Item’ form/s (found in the Components Manager) to your layouts or pages, or otherwise pass the required item data to the API endpoints.
Delete Module Item
The following options relate specifically to the 'Delete Module Item' action.
Workflow
The workflow notification/s that will be triggered upon a user taking this action.
Multiple workflows can be selected and will all be triggered at the same time.
Autoresponder
The autoresponder is an email sent out to the user after the form has been submitted from the front-end of the website.
Determines who's email address to use for delivery of the autoresponder email.
Form sender
Use the email address of the user submitting the form.
Item owner
Use the email address of the assigned module item's owner.
Sender and owner
Use both email addresses of the user submitting the form and module item's owner.
If the autoresponder relates to the 'Create Module Item' action, both 'form sender' and 'item owner' will be the same. Therefore, all options will result in the same autoresponder delivery.
The display name used for the email sender.
This field supports Liquid which can be used to insert dynamic content such as member details, form submission details or even data from other modules.
If using a non-verified email domain you’ll see a warning message and icon (). For more info on Email Domain verification see here.
The subject line used for the autoresponder email.
This field supports Liquid which can be used to insert dynamic content such as member details, form submission details or even data from other modules.
The content of your autoresponder email.
This field supports Liquid which can be used to insert dynamic content such as member details, form submission details or even data from other modules.
API Restrictions
Here you can allow website users to submit, or otherwise manipulate, the Module's items from the front-end of the website. Furthermore, these options allow you to control the permissions those users have.
Logged in users (default)
Specifies that the user needs to be logged in to perform this action.
Users from the following secure zones
Specifies that the user needs to be logged in to one of the selected secure zones to perform this action.
Admin Users
Specifies that the logged in user needs to be of an 'Admin User' role in the CRM to perform this action.
Only Owner allowed (default)
Restricts this action to only the item's owner.
Anyone allowed
Permits this action for any user regardless of the item's ownership.
The above 'Allowed to the Following Type of User' permission is used in conjunction with this option. eg: If you've selected a specific Secure Zone required for the types of users and selected only the owner can update, the owner must also belong to the selected secure zone to have permission to access the endpoint.
To facilitate module item editing from the front-end you’ll need to add the ‘Create/Update/Delete Item’ form/s (found in the Components Manager) to your layouts or pages, or otherwise pass the required item data to the API endpoints.
Update Draft Module Item
The following options relate specifically to the 'Update Draft Module Item' action.
Workflow
The workflow notification/s that will be triggered upon a user taking this action.
Multiple workflows can be selected and will all be triggered at the same time.
Autoresponder
The autoresponder is an email sent out to the user after the form has been submitted from the front-end of the website.
Determines who's email address to use for delivery of the autoresponder email.
Form sender
Use the email address of the user submitting the form.
Item owner
Use the email address of the assigned module item's owner.
Sender and owner
Use both email addresses of the user submitting the form and module item's owner.
If the autoresponder relates to the 'Create Module Item' action, both 'form sender' and 'item owner' will be the same. Therefore, all options will result in the same autoresponder delivery.
The display name used for the email sender.
This field supports Liquid which can be used to insert dynamic content such as member details, form submission details or even data from other modules.
If using a non-verified email domain you’ll see a warning message and icon (). For more info on Email Domain verification see here.
The subject line used for the autoresponder email.
This field supports Liquid which can be used to insert dynamic content such as member details, form submission details or even data from other modules.
The content of your autoresponder email.
This field supports Liquid which can be used to insert dynamic content such as member details, form submission details or even data from other modules.
API Restrictions
Here you can allow website users to submit, or otherwise manipulate, the Module's items from the front-end of the website. Furthermore, these options allow you to control the permissions those users have.
Logged in users (default)
Specifies that the user needs to be logged in to perform this action.
Users from the following secure zones
Specifies that the user needs to be logged in to one of the selected secure zones to perform this action.
Admin Users
Specifies that the logged in user needs to be of an 'Admin User' role in the CRM to perform this action.
Only Owner allowed (default)
Restricts this action to only the item's owner.
Anyone allowed
Permits this action for any user regardless of the item's ownership.
The above 'Allowed to the Following Type of User' permission is used in conjunction with this option. eg: If you've selected a specific Secure Zone required for the types of users and selected only the owner can update, the owner must also belong to the selected secure zone to have permission to access the endpoint.
To facilitate module item editing from the front-end you’ll need to add the ‘Create/Update/Delete Item’ form/s (found in the Components Manager) to your layouts or pages, or otherwise pass the required item data to the API endpoints.
Publish Draft Module Item
The following options relate specifically to the 'Publish Draft Module Item' action.
Workflow
The workflow notification/s that will be triggered upon a user taking this action.
Multiple workflows can be selected and will all be triggered at the same time.
Autoresponder
The autoresponder is an email sent out to the user after the form has been submitted from the front-end of the website.
Determines who's email address to use for delivery of the autoresponder email.
Form sender
Use the email address of the user submitting the form.
Item owner
Use the email address of the assigned module item's owner.
Sender and owner
Use both email addresses of the user submitting the form and module item's owner.
If the autoresponder relates to the 'Create Module Item' action, both 'form sender' and 'item owner' will be the same. Therefore, all options will result in the same autoresponder delivery.
The display name used for the email sender.
This field supports Liquid which can be used to insert dynamic content such as member details, form submission details or even data from other modules.
If using a non-verified email domain you’ll see a warning message and icon (). For more info on Email Domain verification see here.
The subject line used for the autoresponder email.
This field supports Liquid which can be used to insert dynamic content such as member details, form submission details or even data from other modules.
The content of your autoresponder email.
This field supports Liquid which can be used to insert dynamic content such as member details, form submission details or even data from other modules.
API Restrictions
Here you can allow website users to submit, or otherwise manipulate, the Module's items from the front-end of the website. Furthermore, these options allow you to control the permissions those users have.
Logged in users (default)
Specifies that the user needs to be logged in to perform this action.
Users from the following secure zones
Specifies that the user needs to be logged in to one of the selected secure zones to perform this action.
Admin Users
Specifies that the logged in user needs to be of an 'Admin User' role in the CRM to perform this action.
Only Owner allowed (default)
Restricts this action to only the item's owner.
Anyone allowed
Permits this action for any user regardless of the item's ownership.
The above 'Allowed to the Following Type of User' permission is used in conjunction with this option. eg: If you've selected a specific Secure Zone required for the types of users and selected only the owner can update, the owner must also belong to the selected secure zone to have permission to access the endpoint.
To facilitate module item editing from the front-end you’ll need to add the ‘Create/Update/Delete Item’ form/s (found in the Components Manager) to your layouts or pages, or otherwise pass the required item data to the API endpoints.
Admin User Roles
Access to these Frontend API Restrictions via the admin can also be controlled via Admin User Roles, allowing you to manage which Admin Users can view or edit these settings.