Skip to main content

Roles and Permissions

WickiePay uses role-based access control (RBAC) to manage user permissions across the portal and API.

Portal Roles

Role	Description	Key Permissions
Admin	Full access to all features	Manage users, API keys, settings, all operations
Compliance	Compliance and risk management	View/manage screening, KYC/KYB cases, AML reviews
Operations	Day-to-day operations	Transaction monitoring, channel management, balances
Finance	Financial oversight	View balances, settlements, reports, reconciliation
Developer	Integration and technical	API keys, webhook config, sandbox testing
Viewer	Read-only access	View all data, no modifications

Permission Matrix

Action	Admin	Compliance	Operations	Finance	Developer	Viewer
Manage users	Yes	—	—	—	—	—
Manage API keys	Yes	—	—	—	Yes	—
Create payments	Yes	—	Yes	—	Yes	—
View payments	Yes	Yes	Yes	Yes	Yes	Yes
Create withdrawals	Yes	—	Yes	—	—	—
Approve withdrawals	Yes	Yes	—	—	—	—
View balances	Yes	—	Yes	Yes	Yes	Yes
Manage channels	Yes	—	Yes	—	Yes	—
Screening review	Yes	Yes	—	—	—	—
Configure webhooks	Yes	—	—	—	Yes	—
View reports	Yes	Yes	Yes	Yes	Yes	Yes
Manage treasury	Yes	—	Yes	Yes	—	—
Manage venues	Yes	—	—	—	—	—

API Key Roles

API keys can be assigned specific roles that limit their permissions. Always follow the principle of least privilege:

Payment API keys — Only payment creation and querying
Read-only API keys — Query data without modification
Full access API keys — All operations (use sparingly)

Assigning Roles

Via Portal

Navigate to Settings > Users
Select a user
Assign one or more roles
Click Save

Best Practices

Security

Assign minimum required permissions per user
Use separate API keys for different services
Review and audit permissions regularly
Remove access promptly when no longer needed

Portal Roles
Permission Matrix
API Key Roles
Assigning Roles
- Via Portal
- Best Practices