B2B sales rep company authorization
Storefront sales reps (Super Admins) can now only access companies they are directly assigned to. Assignments do not traverse the Account Hierarchy — assigning a sales rep to a parent Company does not grant access to its subsidiaries.
- Scoped access — the storefront Companies and Users API enforces sales rep–to–company assignment on requests targeting a specific
companyId - Unassigned company — returns
403 Permission denied; a non-integercompanyIdreturns400 Invalid companyId - Assigning companies — use the Server-to-Server Super Admin API to assign a sales rep to each Company they need to act on, including subsidiaries
For details, see the Super Admin overview.
