diff --git a/lib/API/JSON/API.php b/lib/API/JSON/API.php index 3d0b1ba03a..8df8eb5855 100644 --- a/lib/API/JSON/API.php +++ b/lib/API/JSON/API.php @@ -1,6 +1,7 @@ permissions; - if(array_key_exists($this->_request_method, $permissions) === false || - $permissions[$this->_request_method] !== Access::ALL - ) { - if($this->checkPermissions() === false) { - $error_message = __('You do not have the required permissions.', 'mailpoet'); - $error_response = $this->createErrorResponse(Error::FORBIDDEN, $error_message, Response::STATUS_FORBIDDEN); - return $error_response; - } + if(!$this->validatePermissions($this->_request_method, $endpoint->permissions)) { + $error_message = __('You do not have the required permissions.', 'mailpoet'); + $error_response = $this->createErrorResponse(Error::FORBIDDEN, $error_message, Response::STATUS_FORBIDDEN); + return $error_response; } - $response = $endpoint->{$this->_request_method}($this->_request_data); return $response; } catch(\Exception $e) { @@ -150,8 +145,15 @@ class API { } } - function checkPermissions() { - return current_user_can(Env::$required_permission); + function validatePermissions($request_method, $permissions) { + // if method permission is defined, validate it + if (!empty($permissions['methods'][$request_method])) { + return ($permissions['methods'][$request_method] === Access::ALL) ? + true : + AccessControl::validatePermission($permissions['methods'][$request_method]); + } + // use global permission + return AccessControl::validatePermission($permissions['global']); } function checkToken() { diff --git a/lib/API/JSON/Endpoint.php b/lib/API/JSON/Endpoint.php index 975dcc90f4..e75a3ded43 100644 --- a/lib/API/JSON/Endpoint.php +++ b/lib/API/JSON/Endpoint.php @@ -1,11 +1,16 @@ array(AccessControl::PERMISSION_MANAGE_SETTINGS), + 'methods' => array() + ); function successResponse( $data = array(), $meta = array(), $status = Response::STATUS_OK 
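Review bot: `validatePermissions` falls through to `$permissions['global']` without checking that the key exists, so an endpoint whose `$permissions` override sets only `'methods'` (the v1 hunks in this diff show subclasses replacing the whole array rather than merging with the base default) would emit an undefined-index notice and hand `null` to `AccessControl::validatePermission`, whose result for `null` is not visible here. The check should fail closed, `if (empty($permissions['global'])) { return false; }` before the final return. The `!empty()` test on the method entry also treats a falsy permission value as "not defined"; if `Access::ALL` is ever a falsy constant (its value is not in the diff) the per-method override would never match, and `isset()` would express the intent more precisely. A short docblock stating that a method entry equal to `Access::ALL` skips the capability check entirely while any other entry is validated through `AccessControl::validatePermission`, and that the `'global'` entry applies otherwise, would help endpoint authors understand what they are granting.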
@@ -18,7 +23,7 @@ abstract class Endpoint { ) { if(empty($errors)) { $errors = array( - Error::UNKNOWN => __('An unknown error occurred.', 'mailpoet') + Error::UNKNOWN => __('An unknown error occurred.', 'mailpoet') ); } return new ErrorResponse($errors, $meta, $status); diff --git a/lib/API/JSON/v1/AutomatedLatestContent.php b/lib/API/JSON/v1/AutomatedLatestContent.php index 74d0ac4a29..e28be1642e 100644 --- a/lib/API/JSON/v1/AutomatedLatestContent.php +++ b/lib/API/JSON/v1/AutomatedLatestContent.php @@ -1,12 +1,18 @@ AccessControl::PERMISSION_MANAGE_EMAILS + ); function __construct() { $this->ALC = new \MailPoet\Newsletter\AutomatedLatestContent(); diff --git a/lib/API/JSON/v1/CustomFields.php b/lib/API/JSON/v1/CustomFields.php index 529e7d476a..823f0552a5 100644 --- a/lib/API/JSON/v1/CustomFields.php +++ b/lib/API/JSON/v1/CustomFields.php @@ -1,12 +1,19 @@ AccessControl::PERMISSION_MANAGE_FORMS + ); + function getAll() { $collection = CustomField::orderByAsc('created_at')->findMany(); $custom_fields = array_map(function($custom_field) { diff --git a/lib/API/JSON/v1/Forms.php b/lib/API/JSON/v1/Forms.php index 179d805836..4789b728be 100644 --- a/lib/API/JSON/v1/Forms.php +++ b/lib/API/JSON/v1/Forms.php @@ -1,17 +1,23 @@ AccessControl::PERMISSION_MANAGE_FORMS + ); + function get($data = array()) { $id = (isset($data['id']) ? (int)$data['id'] : false); $form = Form::findOne($id); diff --git a/lib/API/JSON/v1/ImportExport.php b/lib/API/JSON/v1/ImportExport.php index 8e4f3b89c0..62ff5dead0 100644 --- a/lib/API/JSON/v1/ImportExport.php +++ b/lib/API/JSON/v1/ImportExport.php @@ -1,13 +1,19 @@ AccessControl::PERMISSION_MANAGE_SUBSCRIBERS + ); + function getMailChimpLists($data) { try { $mailChimp = new MailChimp($data['api_key']); diff --git a/lib/API/JSON/v1/MP2Migrator.php b/lib/API/JSON/v1/MP2Migrator.php index 67d851ae21..aa3bd41d75 100644 --- a/lib/API/JSON/v1/MP2Migrator.php +++ b/lib/API/JSON/v1/MP2Migrator.php 
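Review bot: The new `permissions` default (its declaration line is not visible in this hunk) is undocumented, yet it is the access-control contract every endpoint inherits, and subclasses in this diff override the entire array. A docblock above the property such as `/** @var array 'global' is the capability required for every method of this endpoint; 'methods' maps a method name to a permission that overrides it for that method only, and a value of Access::ALL (apparently aliased as APIAccess in Subscribers.php) exempts the method from the capability check. Overrides replace this whole array, so always keep a 'global' entry. */` would make that explicit at the point where endpoint authors copy it.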
@@ -1,18 +1,24 @@ AccessControl::PERMISSION_MANAGE_SETTINGS + ); + public function __construct() { $this->MP2Migrator = new \MailPoet\Config\MP2Migrator(); } - + /** * Import end point - * + * * @param object $data * @return object */ @@ -26,10 +32,10 @@ class MP2Migrator extends APIEndpoint { )); } } - + /** * Stop import end point - * + * * @param object $data * @return object */ @@ -43,10 +49,10 @@ class MP2Migrator extends APIEndpoint { )); } } - + /** * Skip import end point - * + * * @param object $data * @return object */ @@ -60,5 +66,5 @@ class MP2Migrator extends APIEndpoint { )); } } - + } diff --git a/lib/API/JSON/v1/Mailer.php b/lib/API/JSON/v1/Mailer.php index 4400453299..872ac860ff 100644 --- a/lib/API/JSON/v1/Mailer.php +++ b/lib/API/JSON/v1/Mailer.php @@ -1,12 +1,19 @@ AccessControl::PERMISSION_MANAGE_EMAILS + ); + function send($data = array()) { try { $mailer = new \MailPoet\Mailer\Mailer( diff --git a/lib/API/JSON/v1/NewsletterTemplates.php b/lib/API/JSON/v1/NewsletterTemplates.php index 69c4f5a4d5..fae112eaf1 100644 --- a/lib/API/JSON/v1/NewsletterTemplates.php +++ b/lib/API/JSON/v1/NewsletterTemplates.php @@ -1,13 +1,19 @@ AccessControl::PERMISSION_MANAGE_EMAILS + ); + function get($data = array()) { $id = (isset($data['id']) ? (int)$data['id'] : false); $template = NewsletterTemplate::findOne($id); diff --git a/lib/API/JSON/v1/Newsletters.php b/lib/API/JSON/v1/Newsletters.php index 282b8e5bb4..8fabcfeb44 100644 --- a/lib/API/JSON/v1/Newsletters.php +++ b/lib/API/JSON/v1/Newsletters.php @@ -1,16 +1,18 @@ AccessControl::PERMISSION_MANAGE_EMAILS + ); + function get($data = array()) { $id = (isset($data['id']) ? (int)$data['id'] : false); $newsletter = Newsletter::findOne($id); diff --git a/lib/API/JSON/v1/Segments.php b/lib/API/JSON/v1/Segments.php index 2ef6a07b89..6c8000564a 100644 --- a/lib/API/JSON/v1/Segments.php +++ b/lib/API/JSON/v1/Segments.php 
@@ -1,15 +1,21 @@ AccessControl::PERMISSION_MANAGE_SEGMENTS + ); + function get($data = array()) { $id = (isset($data['id']) ? (int)$data['id'] : false); $segment = Segment::findOne($id); diff --git a/lib/API/JSON/v1/SendingQueue.php b/lib/API/JSON/v1/SendingQueue.php index e155cbd0cc..5484e004a5 100644 --- a/lib/API/JSON/v1/SendingQueue.php +++ b/lib/API/JSON/v1/SendingQueue.php @@ -1,18 +1,24 @@ AccessControl::PERMISSION_MANAGE_EMAILS + ); + function add($data = array()) { $newsletter_id = (isset($data['newsletter_id']) ? (int)$data['newsletter_id'] diff --git a/lib/API/JSON/v1/Services.php b/lib/API/JSON/v1/Services.php index 7885e501ca..9fc447338f 100644 --- a/lib/API/JSON/v1/Services.php +++ b/lib/API/JSON/v1/Services.php @@ -1,11 +1,12 @@ AccessControl::PERMISSION_MANAGE_SETTINGS + ); function __construct() { $this->bridge = new Bridge(); diff --git a/lib/API/JSON/v1/Settings.php b/lib/API/JSON/v1/Settings.php index 1a2093c4ed..1db60103da 100644 --- a/lib/API/JSON/v1/Settings.php +++ b/lib/API/JSON/v1/Settings.php @@ -1,24 +1,31 @@ AccessControl::PERMISSION_MANAGE_SETTINGS + ); + function get() { return $this->successResponse(Setting::getAll()); } function set($settings = array()) { if(empty($settings)) { - return $this->badRequest(array( - APIError::BAD_REQUEST => - __('You have not specified any settings to be saved.', 'mailpoet') - )); + return $this->badRequest( + array( + APIError::BAD_REQUEST => + __('You have not specified any settings to be saved.', 'mailpoet') + )); } else { foreach($settings as $name => $value) { Setting::setValue($name, $value); diff --git a/lib/API/JSON/v1/Setup.php b/lib/API/JSON/v1/Setup.php index d0f6989226..1bf0647748 100644 --- a/lib/API/JSON/v1/Setup.php +++ b/lib/API/JSON/v1/Setup.php @@ -1,13 +1,19 @@ AccessControl::PERMISSION_MANAGE_SETTINGS + ); + function reset() { try { $activator = new Activator(); diff --git a/lib/API/JSON/v1/Subscribers.php b/lib/API/JSON/v1/Subscribers.php index 38ddefb9af..e391072855 100644 
--- a/lib/API/JSON/v1/Subscribers.php +++ b/lib/API/JSON/v1/Subscribers.php @@ -1,21 +1,23 @@ APIAccess::ALL + 'global' => AccessControl::PERMISSION_MANAGE_SUBSCRIBERS, + 'methods' => array('subscribe' => APIAccess::ALL) ); function get($data = array()) {