API Permissions

Default Permissions

Every authorized application has default permissions that are always granted. The default permissions cannot be revoked.

  • These permissions allow an application to do the following:
    1. Access lists, messages, campaigns
    2. Create, update, delete and move subscribers in lists
    3. Create, update and delete custom fields in lists

  • When an application with only the default permissions accesses subscriber information, the following four fields are not shown:
    • name
    • email
    • IP address
    • miscellaneous notes

Additional Permissions

Each of the following permissions must be explicitly granted. They do not overlap.

    Request Subscriber Data

  • This permission allows the application to do the following:
    • Access the following four subscriber fields, which are otherwise restricted:
      • name
      • email
      • IP address
      • miscellaneous notes
    • Find subscribers using search parameters such as name, email, status, city, country, custom fields, etc.
    • When accessing broadcast stats, allow access to:
      • Top 10 subscribers by opens
      • Top 10 subscribers by gross sales

    Manage Email

  • This permission allows the application to do the following:
    • Manage all email communications to subscribers on behalf of the AWeber customer.

How permissions work

When an AWeber customer signs up for your application, the permission settings at the time of authorization are invoked.

If you change permissions after AWeber customers have authorized your application, those customers must re-authorize. Otherwise, they will still be able to use your application, but functionality that goes beyond the permissions they authorized will return 404 ForbiddenError.

Permissions are exclusive, NOT inclusive. If you ask for schedule broadcast permissions, your application will not inherit subscriber data permissions.
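
One way an application can act on these rules on the client side, added here as an example and not AWeber's own code. The JSON key names for the restricted fields, the error body shape, and the feature names are assumptions; the permission names are the ones listed on this page.

```python
"""Client-side handling of the permission model described above (added example)."""

# Assumed JSON key names for the four restricted subscriber fields.
RESTRICTED_FIELDS = ("name", "email", "ip_address", "misc_notes")

# Permission names as listed on this page; feature names are hypothetical.
FEATURE_REQUIRES = {
    "export_contacts": {"Request Subscriber Data"},
    "send_broadcast": {"Manage Email"},
    "segment_and_send": {"Request Subscriber Data", "Manage Email"},
    "count_subscribers": set(),  # default permissions are enough
}

def missing_permissions(feature, granted_at_authorization):
    """Permissions are exclusive: each one a feature needs must be granted itself."""
    return sorted(FEATURE_REQUIRES[feature] - set(granted_at_authorization))

def hidden_fields(subscriber):
    """Restricted fields that are absent or null in a subscriber record."""
    return [f for f in RESTRICTED_FIELDS if subscriber.get(f) is None]

def is_forbidden(body):
    """True when the error body names ForbiddenError (assumed body shape)."""
    error = body.get("error") if isinstance(body, dict) else None
    return isinstance(error, dict) and error.get("type") == "ForbiddenError"

def next_step(feature, granted_at_authorization, status, body):
    """Decide what the app should do with one API response."""
    if is_forbidden(body):
        missing = missing_permissions(feature, granted_at_authorization)
        # The grant is fixed at authorization time, so only re-authorization helps.
        return ("reauthorize", missing)
    if 200 <= status < 300:
        return ("ok", [])
    return ("error", [])

# Constructed sample data, not real API output.
OLD_GRANT = ["Manage Email"]  # what the customer approved originally
DEFAULT_ONLY_RECORD = {"id": 1, "status": "subscribed", "city": "Austin"}
FORBIDDEN_BODY = {"error": {"type": "ForbiddenError", "status": 404}}

if __name__ == "__main__":
    print(hidden_fields(DEFAULT_ONLY_RECORD))
    print(next_step("segment_and_send", OLD_GRANT, 404, FORBIDDEN_BODY))
    print(next_step("count_subscribers", OLD_GRANT, 200, {"total": 3}))
```

Storing the permissions that were in effect when each customer authorized lets the application tell that customer exactly which permission a re-authorization will add.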

How to set permissions

The permissions are in place to keep your users' data safe and reassure them that your application is operating in a way they can trust. By default, applications are not permitted to access subscriber data or schedule broadcasts but can request access by doing the following:

  1. Log in to your AWeber Labs account
  2. Go to "My Apps"
  3. Click the "Settings" button
  4. Click on "Permission Settings"
  5. Check the appropriate permissions desired. We recommend choosing the lowest required access for your application.
  6. Click the "Save Permission Settings" button
  7. Click the "Save" button to save all settings changes

[Image: app permissions pane]

When you enable any permissions, your users will see a modified verification page that highlights the permissions level you chose. The following shows a user authorizing an application that asks for subscriber data and requests permissions to schedule broadcast messages.

[Image: user authorize page]

Once an AWeber customer authorizes your application, your application will have the permissions that were set at the time of authorization.