User access control

Omneo uses role-based access control. Only grant users the role they need:
| Role | When to use |
| --- | --- |
| Admin | Senior team members who need full access |
| Manager | Staff who manage profiles and update data but should not create new configurations |
| Reporting | Analytics or operations staff who only need to view data |
| Machine | API integrations — never for human users |
Review user access quarterly. Remove accounts for staff who have left the organisation.

API token management

  • Generate separate API tokens for each integration rather than using one shared token
  • Use the minimum required scopes for each token
  • Store tokens securely — never in source code, public repositories, or unencrypted files
  • Rotate tokens when staff who had access leave, or when a security incident is suspected
  • Machine user accounts should use strong, randomly generated passwords (32+ characters)

IP allowlisting

For Clienteling access from POS terminals, Omneo maintains a per-tenant IP allowlist. Only known IP addresses can access the Clienteling portal. Contact Omneo support to update your allowlist when:
  • Adding new store locations
  • Changing network infrastructure
  • Enabling remote access (e.g., mobile POS)

Data handling

  • Omneo stores personally identifiable information (PII) in accordance with Australian privacy law
  • For GDPR-compliant erasure of a customer’s data, use the Purge endpoint rather than the standard delete
  • Do not export bulk customer data to unsecured locations
  • Tag profiles that should be handled with care (e.g., "handle-with-care") to alert customer service staff

Shared secrets

Omneo uses shared secrets for webhook signature verification and barcode service authentication. These should be:
  • Stored in environment variables or a secrets manager — never hardcoded
  • Rotated regularly
  • Never shared in plain text via email or chat
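
A receiver-side sketch of the shared-secret guidance above, added here as an example and not Omneo's own code: it reads the webhook secret from the environment, compares signatures in constant time, and accepts the previous secret during a rotation overlap. The HMAC-SHA256 hex scheme and the variable names `WEBHOOK_SECRET` and `WEBHOOK_SECRET_PREVIOUS` are assumptions; check Omneo's webhook documentation for the actual signature format.

```python
import hashlib
import hmac
import os


def sign(secret: bytes, body: bytes) -> str:
    # Assumption: HMAC-SHA256 over the raw request body, hex-encoded.
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def load_secrets(env=os.environ) -> list[bytes]:
    """Read the current and, if set, the previous secret from the environment.

    Both variable names are hypothetical. Keeping the previous secret valid
    for a short overlap allows rotation without rejecting in-flight deliveries.
    """
    names = ("WEBHOOK_SECRET", "WEBHOOK_SECRET_PREVIOUS")
    secrets = [env[n].encode() for n in names if env.get(n)]
    if not secrets:
        raise RuntimeError("no webhook secret configured")
    return secrets


def verify(body: bytes, received_sig: str, secrets: list[bytes]) -> bool:
    """Return True if the signature matches under any configured secret."""
    if not received_sig:
        return False
    received = received_sig.strip().lower().encode()
    ok = False
    for secret in secrets:
        expected = sign(secret, body).encode()
        # compare_digest runs in constant time; every secret is checked so
        # timing does not reveal which one matched.
        ok |= hmac.compare_digest(expected, received)
    return ok


if __name__ == "__main__":
    # Constructed sample values, not real Omneo secrets or payloads.
    env = {"WEBHOOK_SECRET": "new-secret-constructed",
           "WEBHOOK_SECRET_PREVIOUS": "old-secret-constructed"}
    body = b'{"event":"profile.updated","id":"constructed-123"}'
    secrets = load_secrets(env)
    sig_old = sign(b"old-secret-constructed", body)
    print(verify(body, sig_old, secrets))         # signed with previous secret
    print(verify(body + b" ", sig_old, secrets))  # body altered after signing
```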