Set up app permissions

The next step is to set up permissions for those features of your app that require parental consent. For example, your app might need permission to send a welcome magazine to a kid, or to collect the kid’s email address.

This step includes defining some text (or ‘copy’) to describe each permission and why it is required. This copy is displayed to the parent and the user.

Define your app’s permissions and copy

You cannot set up permissions and copy yourself. Instead, contact your Implementation Manager who will help you to define what permissions you need and build them into your user experience.

For each permission, you need to provide the following information:

  • A title for the permission; for example ‘Welcome Magazine’. Maximum 20 characters.
  • A description of the permission that is displayed to the parent in the Parent Portal and in emails to the parent. Maximum 255 characters.
  • A description of the permission that is displayed to the user in the SSO view during the sign-up process. Maximum 255 characters.
  • A link (HTTPS URL) to your app’s privacy policy.

The copy that you provide for the permission descriptions should be clear and concise. It should enable the parent or child to understand what is being asked of them. Where the app collects personal information, be clear about what exactly the information will be used for. Ensure you lean on your own legal counsel when writing this copy.

This example shows how the titles and descriptions for 2 permissions are displayed to the parent in the Parent Portal:

View permissions in the Control Panel

Once your Implementation Manager applies your permissions and copy, you can view them in your KWS Control Panel. To do this, select the required app, and then click Settings > Permissions:

The List of permissions displays the following information about each permission:

CodeThe permission code which can be used in API endpoints. See API endpoint for permissions, below.
NameThe name of the permission. This is displayed to parents and users.
DependenciesThe name of a permission that must be granted before this permission can be granted.

For example, assume your app has 2 permissions: ‘Email’ and a weekly ‘Newsletter’. Your newsletter is delivered via email, so you need to know the child’s email address before you can send the newsletter.
In this case, the ‘Newsletter’ permission would have Dependencies set to ‘Email’.
TypeThis is the type of parental consent required for this permission.

Opt-in (Email Plus) means the parent has to explicitly grant the permission before the kid has access to the feature.
Opt-out means the parent is simply notified that their kid is using the feature. The parent has to explicitly revoke permission (opt out) at any point if they don’t want their kid to do this.

For more information about opt-in and opt-out consent, see Types of parental consent.
PrerequisiteRequired / Optional
If ‘Required’, the permission is a precondition to the service and cannot be revoked.
Parental verificationRequired / Not required
If ‘Required’, the permission is granted only if the parent has been verified as being an adult.
For more information, see Parental consent and verification.
Creation dateThe date the permission code was created in KWS.
Parent descriptionThe description of the permission that the parent sees in the Parent Portal.
Child descriptionThe description of the permission that the user sees in the SSO view.
Privacy policyThe URL to your app’s privacy policy.

Localise permissions

Contact your Implementation Manager if you wish to provide permissions and/or copy in multiple languages. When they have uploaded the localised permissions and copy for you, you can view them in the Permissions tab by selecting the language from the dropdown menu on the right-hand side:

API endpoint for permissions

You can use permission codes within the POST /v2/apps/:appId/users/review-permissions endpoint. This endpoint sends an email to the parent with an authenticated link to the Parent Portal. When the parent clicks on the link, they are automatically logged into the Parent Portal where they can review their child’s permissions.

Trigger a webhook when permissions change

You can create a webhook to notify your application backend with an HTTP call when a user’s permissions change. To do this, follow the instructions in Set up webhooks and set the Webhook action to ‘User permission changed’.

Updated on 25/11/2020

Was this article helpful?

Related Articles