
API Keys with Roles: Secure Collaboration for Commerce Integrations

In the early days of integrations, security was… let’s call it “optimistic”.

You had one credential. One token. One “integration user” that could do everything.
And if something broke, you’d rotate keys and hope no customer automation collapsed in the process.

That approach worked when systems were small and teams were smaller.

But Qilin.Cloud is built for the world we’re actually living in: merchants, agencies, and platform teams working together—often across multiple environments—without passing around a single “master key” like it’s 2009.

So November’s theme is simple:

Access should be deliberate.

The old model: one key to rule them all

A traditional integration usually ends up with:

– One API key shared by multiple services
– Unlimited access “because it’s easier”
– No clear way to give an agency access to only the parts they manage
– No clean separation between dev/staging/prod

This is how innocent setups evolve into scary ones.

The Qilin.Cloud model: API Keys + Roles + Permissions

We’ve been expanding Qilin’s RBAC (Role-Based Access Control) foundation so you can answer the question:

> “Who is allowed to do what—exactly?”

The pieces

  • Permissions represent actions on resources (create/read/update/delete).
  • Roles group permissions.
  • API Keys can be tied to roles so machine-to-machine integrations get the same clarity as human users.

Examples of resources that can be permissioned include:

– Pipelines, channels, connectors
– Credentials
– Data Flow Tracking (observability)
– Queue storage
– Core domain objects like products, orders, offers

This may sound bureaucratic—until you’ve had to recover from a “shared key” incident. Then it sounds like wisdom.

Why developers should care (yes, even the ones who hate IAM)

1) Least privilege becomes practical

Instead of giving your CI pipeline “admin”, you can grant:

  • pipeline.read / pipeline.update
  • channel.read
  • dataflowtracking.read

…and nothing else.

If that key leaks, the blast radius stays small.

2) Cleaner multi-environment automation

You can generate separate API keys for:

  • local development
  • staging
  • production

…each with scoped permissions, without breaking your deployment workflow.

3) Better partner & agency workflows

Agencies can be given access to *only* what they need to operate:

  • building pipelines
  • monitoring executions
  • managing channel configs

…without touching billing, user management, or credentials outside their responsibility.

A realistic scenario: agency builds, merchant owns

Imagine a merchant hires an agency to set up:

  • Shopware 6 → Qilin ingestion
  • Qilin → marketplace export
  • Monitoring and alerting

The merchant wants:

  • the agency to build and maintain pipelines
  • visibility into everything
  • control over sensitive credentials and billing

With role-scoped API keys:

  • the agency can manage pipelines and channels
  • the merchant can own credentials and subscription settings
  • both can see execution logs via Data Flow Tracking

No more “we need admin access for this one quick change”—which famously never stays “quick”.
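The pieces described above (permissions as resource.action pairs, roles that group them, API keys bound to roles and to one environment), applied to the CI key from section 1 and to the agency/merchant scenario, as an added Python example; this is not Qilin.Cloud's own code, and the resource, role and key names are assumptions:

```python
from dataclasses import dataclass

# "resource.action" permission names as in the post; the concrete lists are assumptions.
RESOURCES = {"pipeline", "channel", "connector", "credential", "dataflowtracking",
             "queue", "product", "order", "offer", "billing", "user"}
ACTIONS = {"create", "read", "update", "delete"}

def permission(name: str) -> str:
    """Return a validated 'resource.action' string; reject unknown names."""
    resource, _, action = name.partition(".")
    if resource not in RESOURCES or action not in ACTIONS:
        raise ValueError(f"unknown permission: {name!r}")
    return name

@dataclass(frozen=True)
class Role:
    name: str
    permissions: frozenset   # of 'resource.action' strings

@dataclass(frozen=True)
class ApiKey:
    key_id: str         # opaque id for audit logs, never the secret itself
    environment: str    # "dev", "staging" or "prod"
    roles: tuple        # of Role

def make_role(name: str, *perms: str) -> Role:
    return Role(name, frozenset(permission(p) for p in perms))

def is_allowed(key: ApiKey, environment: str, resource: str, action: str) -> bool:
    """Default deny: key must match the environment and a role must carry the permission."""
    if key.environment != environment:
        return False
    wanted = permission(f"{resource}.{action}")
    return any(wanted in role.permissions for role in key.roles)

def blast_radius(key: ApiKey) -> set:
    """What a leaked key could do: the union of its roles' permissions."""
    return set().union(*(role.permissions for role in key.roles))

# Roles and keys constructed to mirror the post's scenario (names are assumptions).
CI_DEPLOYER = make_role("ci-deployer", "pipeline.read", "pipeline.update",
                        "channel.read", "dataflowtracking.read")
AGENCY_OPERATOR = make_role("agency-operator", "pipeline.create", "pipeline.read",
                            "pipeline.update", "channel.read", "channel.update",
                            "dataflowtracking.read")
MERCHANT_OWNER = make_role("merchant-owner", "credential.read", "credential.update",
                           "billing.read", "billing.update", "dataflowtracking.read")
CI_STAGING_KEY = ApiKey("qk_ci_staging", "staging", (CI_DEPLOYER,))
AGENCY_KEY = ApiKey("qk_agency_prod", "prod", (AGENCY_OPERATOR,))
MERCHANT_KEY = ApiKey("qk_merchant_prod", "prod", (MERCHANT_OWNER,))
```

The staging CI key is refused in production even for a permission it holds, and `blast_radius` is what you would review before issuing a key.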


For merchants and agencies

  • Merchants: You can safely delegate without losing control.
  • Agencies: You can standardize your delivery process and reuse roles across projects.
  • Everyone: Auditing becomes easier, onboarding becomes faster, and security stops being a blocker.

For investors

Strong access control is the kind of platform maturity that shows up in the right metrics:

  • lower support load
  • faster onboarding
  • fewer incidents
  • higher retention

It’s not flashy. It’s foundational.

What’s next

Security and speed are best friends when done right. Next month, we’ll peek under the hood at some performance-focused platform work—think caching, storage decisions, and the kind of engineering changes users don’t see… but definitely feel.

Build integrations that age well

The best integrations aren’t the ones that work today.

They’re the ones that still work cleanly a year from now, when the team changed, the requirements shifted, and nobody remembers why the “integration_admin” key existed in the first place.

Qilin.Cloud is building toward that future—on purpose.

Written by Marc Costea

Marc is the founder and CEO of marcos software, the company behind Qilin.Cloud. He is thrilled by disrupting old structures in the e-commerce domain, especially its software technology.
November 30, 2024
