Fine grained access

Introduction to fine grained permissions

Access to the bol Retailer API is managed through scopes, which define which API resources an integration can use (such as orders, inventory, or shipments) and at what permission level. Each scope is available with either read access (to retrieve data) or manage access (to retrieve and modify data). During authorization via the Code Flow authentication method, retailers explicitly select the required scopes for an integration. This ensures integrations only have access to the functionality they need, providing better control over data sharing and improving security.

Good to know

  • Integration partners only have access to the functionalities the retailer explicitly authorize. It is therefore important to configure the correct permissions.

  • Missing permissions may cause an integration to not function properly. In that case, the retailer must go through the authorization process again and grant all required permissions.

  • Existing integrations using the Code flow will continue to work until their expiration date. After that, integrators must be reauthorized using the new process.

Fine Grained Access is expected to be available for the SSO Authentication Flow from August 2026 (date subject to change). Support for the Client Credentials Flow will follow afterwards.

Permissions overview

Grouping Resource Available access levels

Assortment Management

Economic Operators

Read

Read and write

Commissions

Read

Offers

Read

Read and write

Product Content

Read

Read and write

Promotions

Read

Logistics

Inventory

Read

Orders

Read

Read and write

Replenishments

Read

Read and write

Returns

Read

Read and write

Shipping labels

Read

Read and write

Shipments

Read

Read and write

Transports

Read and write

Financial

Invoices

Read

Insights

Products

Read

Insights

Read

Retailer Info

Read

Subscriptions

Subscriptions

Read

Read and write