Marketing team access
The dashboard supports two roles so marketing can use PulseGate without seeing unmasked customer PII.
Roles
| Role | API key | Access |
|---|---|---|
| admin | ANALYTICS_API_KEY | Full access: all pages, unmasked leads and submissions. |
| marketing | Dashboard-generated key (Settings → Marketing API keys) or optional ANALYTICS_MARKETING_API_KEY | Restricted: no main Leads list or Lead detail; email/phone masked; visible pages per key. |
The worker derives the role from which API key was used (Bearer or X-API-Key). Marketing keys can be generated in Settings → Marketing API keys: each key is auto-generated with a regenerate option, and each key has its own page settings (which pages that key can open). The dashboard receives role in the /analytics/overview response and marketing_visible_pages from the banner (per-key) for nav and route guard.
What marketing can see
Which pages a marketing user can open is controlled per key when you create or edit a key in Settings → Marketing API keys. By default (when creating a new key) all non-admin pages are allowed:
- Dashboard (overview)
- Lead stats, Moderation
- AI report, Ask
- Lead analytics (submissions table with masked email/phone)
- Testing leads, Blocked IP leads (masked email/phone)
- Blocked IPs, Whitelisted IPs (list, add, unblock/remove)
- Sessions, Replay
- Dropdown options (Source, Country, Project, City — used in forms and filters)
Admins can limit which pages each key can access (edit the key and uncheck pages). Unchecked pages are hidden in the sidebar and redirect to the dashboard if that key is used to open them directly. After you change a key’s pages, the marketing user must refresh the dashboard to see the updated sidebar and access.
What marketing cannot see
- Leads (main CRM leads list) — redirect to dashboard
- Lead detail (
/leads/:id) — redirect to dashboard - Recent submissions (widget on leads page) — 403 Forbidden
- Settings — entire Settings section (sidebar and routes) is hidden; redirect if URL is opened
- Forms config — admin-only; part of Settings
PII masking
For the marketing role, the worker masks PII in API responses when the setting Mask email and phone for marketing is on (default). Admins can turn it off in Settings so marketing sees full contact info.
- Email: `j***@***.com` (first character + `***@***.` + TLD)
- Phone: `***-***-1234` (last four digits only)
Masking is applied in the worker before sending JSON; the dashboard just displays the values it receives.
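The masking rules above, sketched as an added example (this is not PulseGate's own worker code). The field names `email` and `phone`, the `maskPiiForMarketing` parameter, and the fail-closed handling of malformed or very short values are assumptions.

```javascript
// Added example. Sample rows below are constructed, not real data.

// "jane@example.com" -> "j***@***.com" (first character + ***@***. + TLD).
// Fails closed: a value that is not local@domain.tld is fully masked
// instead of being passed through unmasked.
function maskEmail(email) {
  if (typeof email !== "string") return email; // null/undefined stay as-is
  const at = email.lastIndexOf("@");
  const dot = email.lastIndexOf(".");
  if (at < 1 || dot < at + 2 || dot === email.length - 1) return "***";
  return `${email[0]}***@***.${email.slice(dot + 1)}`;
}

// "+1 (415) 555-1234" -> "***-***-1234" (last four digits only).
// With four digits or fewer, "last four" would reveal the whole value,
// so those are fully masked (assumption, not stated on the page).
function maskPhone(phone) {
  if (typeof phone !== "string") return phone;
  const digits = phone.replace(/\D/g, "");
  if (digits.length <= 4) return "***-***-****";
  return `***-***-${digits.slice(-4)}`;
}

// Applied server-side before the JSON is sent. Only admin, or marketing
// with masking switched off, gets raw rows; any other role is masked.
function maskRows(rows, role, maskPiiForMarketing = true) {
  if (role === "admin") return rows;
  if (role === "marketing" && !maskPiiForMarketing) return rows;
  return rows.map((row) => ({
    ...row,
    email: maskEmail(row.email),
    phone: maskPhone(row.phone),
  }));
}

// Constructed sample submissions.
const SAMPLE_ROWS = [
  { id: 1, email: "jane@example.com", phone: "+1 (415) 555-1234" },
  { id: 2, email: "not-an-email", phone: "1234" },
  { id: 3, email: null, phone: null },
];

console.log(JSON.stringify(maskRows(SAMPLE_ROWS, "marketing"), null, 2));
```
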
Setup
Dashboard (recommended): In Settings → Marketing API keys, click Generate new key. Optionally name it, choose which pages it can access, then Create. Copy the key (it is shown once) and share it with the marketing user. That key has its own visible-pages list; you can Edit or Regenerate it anytime.
Worker (optional legacy): Set a second secret for marketing:
```bash
wrangler secret put ANALYTICS_MARKETING_API_KEY
```
(Development: optional `ANALYTICS_MARKETING_API_KEY` in `wrangler.toml` or env vars.)
(That env key uses the global default visible pages; no per-key UI in the dashboard.)
- Sharing: Give each marketing user (or team) their own key from Settings → Marketing API keys; keep `ANALYTICS_API_KEY` for admins.
Dashboard behaviour
- Sidebar: Marketing sees no “Leads” link; the entire “Settings” group (Settings and Forms config) is admin-only and hidden. Dropdown options is available by default (under the Settings group). Only pages allowed for that key (set when the key was created or edited) appear in the sidebar.
- Routes: Visiting `/leads`, `/leads/:id`, `/settings`, or `/forms-config` as marketing redirects to the dashboard. Visiting any path not in the visible-pages list also redirects to the first allowed page (e.g. Dashboard).
- Lead analytics: When allowed by the visible-pages setting, marketing can open Lead analytics and see the submissions table with masked email/phone.