Skip to content

Feature Restrictions System

Overview

The Feature Restrictions System allows you to control which features are available to specific organizations through the admin API. This is useful for: - Creating limited trial accounts - Offering different tiers of service - Disabling features for specific organizations - Creating "inbox-only" mode where only the messaging feature is available

Features

Inbox-Only Mode

When enabled, only the inbox feature is available. All other features appear locked as teasers to encourage upgrades.

Granular Feature Control

Individual features can be enabled/disabled: - inbox - Messaging and conversations - contacts - Contact management - companies - Company/organization management - deals - Sales pipeline and deals - tasks - Task management - dashboard - Main dashboard - broadcast - Mass messaging campaigns - automations - Workflow automations - projects - Project management - analytics - Analytics and reporting - settings - Organization settings - profile - User profile - scheduling - Appointment scheduling - sales_report - Sales reporting - sequences - Drip campaigns and message sequences - bot_flows - Visual bot flow builder - call_intelligence - AI call transcription and analysis - social_media_planner - Social media scheduling and publishing - attendance - Agent attendance tracking

Admin API Endpoints

Get Feature Restrictions

Endpoint: GET /admin-get-feature-restrictions

Headers:

Authorization: Bearer YOUR_API_KEY

Query Parameters: - organization_id (optional) - Get restrictions for a specific organization

Response:

{
 "success": true,
 "organization": {
 "id": "org_uuid",
 "name": "Organization Name",
 "slug": "org-slug",
 "feature_restrictions": {
 "inbox_only_mode": false,
 "enabled_features": ["inbox", "contacts", "deals"]
 },
 "inbox_only_mode": false,
 "enabled_features": ["inbox", "contacts", "deals"],
 "disabled_features": ["companies", "tasks", "broadcast",...]
 }
}

Update Feature Restrictions

Endpoint: POST /admin-update-feature-restrictions

Headers:

Authorization: Bearer YOUR_API_KEY
Content-Type: application/json

Body:

Enable Inbox-Only Mode:

{
 "organization_id": "org_uuid",
 "action": "enable_inbox_only"
}
Or:
{
 "organization_id": "org_uuid",
 "inbox_only_mode": true
}

Disable Inbox-Only Mode:

{
 "organization_id": "org_uuid",
 "action": "disable_inbox_only"
}
Or:
{
 "organization_id": "org_uuid",
 "inbox_only_mode": false,
 "enabled_features": ["inbox", "contacts", "deals", "tasks"]
}

Update Specific Features:

{
 "organization_id": "org_uuid",
 "action": "update_features",
 "enabled_features": ["inbox", "contacts", "deals"]
}

Response:

{
 "success": true,
 "message": "Feature restrictions updated successfully",
 "organization": {
 "id": "org_uuid",
 "name": "Organization Name",
 "slug": "org-slug",
 "feature_restrictions": {
 "inbox_only_mode": false,
 "enabled_features": ["inbox", "contacts", "deals"]
 }
 }
}

UI Behavior

Locked Features in Sidebar

  • Locked features show with a lock icon
  • Feature name appears with muted text
  • "Locked" badge is displayed
  • Clicking navigates to the feature but shows locked overlay

Feature Locked Page

When a user tries to access a locked feature: 1. A fullscreen overlay appears 2. Shows the feature name and lock icon 3. Displays benefits they're missing 4. Provides "Request Access" button 5. Explains how to unlock the feature

Teaser Effect

Locked features are visible but not accessible, creating a teaser effect that: - Shows users what's available - Encourages upgrades - Maintains awareness of full capabilities

Implementation Details

Database Schema

Feature restrictions are stored in the organizations table:

feature_restrictions JSONB DEFAULT '{
 "inbox_only_mode": false,
 "enabled_features": [...]
}'

Frontend Components

  1. useFeatureRestrictions Hook - Manages feature access state
  2. FeatureGate Component - Wraps routes to check access
  3. FeatureLockedOverlay - Shows locked feature UI
  4. AppSidebar - Shows locked features as teasers

Real-time Updates

Feature restrictions are synced in real-time using Supabase subscriptions. When restrictions change, the UI updates immediately without requiring a page refresh.

Testing

Test Inbox-Only Mode

  1. Use the admin API to enable inbox_only_mode for a test organization
  2. Login as a user in that organization
  3. Verify only inbox is accessible
  4. Verify all other features show as locked

Test Feature Updates

  1. Enable specific features via API
  2. Verify immediate UI updates
  3. Test navigation to enabled/disabled features

Example cURL Commands

Enable inbox-only mode:

curl -X POST https://your-supabase-url.supabase.co/functions/v1/admin-update-feature-restrictions \
 -H "Authorization: Bearer YOUR_API_KEY" \
 -H "Content-Type: application/json" \
 -d '{
 "organization_id": "YOUR_ORG_ID",
 "action": "enable_inbox_only"
 }'

Update specific features:

curl -X POST https://your-supabase-url.supabase.co/functions/v1/admin-update-feature-restrictions \
 -H "Authorization: Bearer YOUR_API_KEY" \
 -H "Content-Type: application/json" \
 -d '{
 "organization_id": "YOUR_ORG_ID",
 "enabled_features": ["inbox", "contacts", "deals", "tasks"]
 }'

Get current restrictions:

curl https://your-supabase-url.supabase.co/functions/v1/admin-get-feature-restrictions?organization_id=YOUR_ORG_ID \
 -H "Authorization: Bearer YOUR_API_KEY"

Notes

  • The inbox feature should generally remain enabled as it's the core functionality
  • When inbox_only_mode is true, it automatically sets enabled_features to ["inbox"] only
  • Changes are applied immediately and reflected in real-time
  • API keys must have admin permissions to use these endpoints