Granting API Key User Permissions in Fulfil UI
A step-by-step guide to assigning the correct roles and permissions to API key users within the Fulfil admin console
Granting API Key User Permissions in Fulfil UI
A step-by-step guide to assigning the correct roles and permissions to API key users within the Fulfil admin console
Important — Read-Only API Access
This integration uses read-only API calls only. That means it will only ever fetch and read data from your Fulfil account — it will never create, edit, update, or delete any records. No changes will be made to your orders, stock, products, or any other data in your Fulfil instance.
To ensure this works correctly, the API key user in your Fulfil account must be assigned the right permission groups. The steps below will walk you through exactly what to assign.
How to Assign Permissions
- Log in to your Fulfil admin console and go to Settings > Users > Users
- Find the user associated with your API key (Associated with the User)
- Open the user profile and click Edit
- Access Permissions / Groups (Click on Plus Button to Observe Permissions)
- Then Add it > Click Save
The API key will immediately inherit these permissions. No new API key needs to be generated and no restart is required.
Full List of Permission Groups to Assign
Since this is a read-only analytics integration, assign the following groups to the API user. Each group allows the integration to read the relevant data without the ability to make any changes:
| Group | Why It Is Needed |
|---|---|
| Sales / Admin | Read sales orders and related records |
| Stock / Admin | Read inventory and stock movement data |
| Purchase / Admin | Read purchase orders and supplier data |
| Product / Admin | Read product catalog and item details |
| Production / Admin | Read production orders and manufacturing data |
| Account / Admin | Read account and customer information |
| Financials / Costs / View | View cost and financial data — no edit access |
| Bin Transfer / View | View bin and warehouse transfer records — no edit access |
To assign these, go to Settings → Users → [the API user] → Access Permissions / Groups, add each group from the list above, and save. Changes take effect immediately on the next API request — no key rotation needed.
What This Means for You
Once these groups are assigned, the integration will be able to pull all the data it needs to run reports and analytics. Since everything is read-only, you can be confident that:
- No orders will be created or modified
- No stock levels will be changed
- No financial records will be altered
-
Your live Fulfil data remains completely safe
Model → Required Group Permissions
There isn't a flat public mapping document — access is enforced by ir.model.access records, and many models grant read access to multiple groups (a user only needs to belong to one of them). For the models we have listed, the groups below will cover read access: (Mentioned by Fulfil Team)
| Model | Group(s) that grant read |
| product.product, product.category, product.attribute | Product / Admin or Sales / Admin |
| product.product cost fields (cost_price, cost_prices, etc.) | Financials / Costs / View (field-level — required in addition to the model-level group) |
| product.brand, product.product.channel_listing | No group restriction (any authenticated user) |
| product.price_list | Sales / Admin |
| product.tax_code | Account / Admin |
| sale.sale, sale.line | Sales / Create orders or Sales / Admin |
| sale.channel | Sales / Admin |
| channel.exception (lazy-loaded by sale.sale.exceptions, has_channel_exception) | Sales / Create orders or Sales / Admin |
| stock.move, stock.location, stock.inventory, stock.inventory.line, stock.shipment.in.return, stock.shipment.out | Stock / Inventory or Stock / Admin |
| stock.bin_transfer | Bin Transfer / View |
| purchase.purchase, purchase.line | Purchase / Create POs or Purchase / Admin |
| production.bom | Production / Admin or Stock / Admin |
| res.user | Sales / Admin (or any admin-level group) |