[New Launch] Access Scope API

Highlighted
Shopify Staff
Shopify Staff
257 1 63

Today, we're launching the new Access Scope API which allows you to query a merchant's shop for the list of permissions associated to your app.

GET /admin/oauth/access_scopes.json

{
  "access_scopes": [
    {
      "handle": "read_products"
    },
    {
      "handle": "write_orders"
    }
  ]
}

Using this functionality you can easily manage scopes across your various user's shops.

Access scopes include permissions, such as read_orders and write_products, that allow apps to access data from a shop. The list of access scopes retrieved is based on the access token used for the request, and it contains only those access scopes that are granted to the token. For example, the list may contain all access scopes, or it may contain a subset if the access token has limited permissions.  You can find the related documentation here.

As always, if you have any questions, feel free to reach out in the thread below.

Developer Experience @ Shopify
0 Likes
Shopify Expert
3841 0 270

So we install an App with scopes, and now we can query if the scopes we set match? Just in case we forgot what scopes we used. Wowza. 

Just as an aside, since you're tinkering with Scopes and Apps, would be nice if you could make so that we could adjust scopes on the fly, and have merchants approve the scope changes, all without us having to have the merchant uninstall/reinstall. Now that would be something!

Custom Shopify Apps built just for you! hunkybill@gmail.com http://www.resistorsoftware.com
0 Likes
Shopify Staff
Shopify Staff
533 0 82

Just in case we forgot what scopes we used. Wowza. 

Can't tell if sarcastic or not... ?

and have merchants approve the scope changes, all without us having to have the merchant uninstall/reinstall.

This is actually totally possible and this change was mostly introduced in order to better handle this exact scenario. Once your app has been installed already, you can redirect the merchant back to the OAuth grant screen (/admin/oauth/authorize?[...]) with a new set of scopes, and Shopify will prompt the merchant to update the permission set. Making the access scopes programatically accessible improves this process as you can query the API to determine which scopes have been granted in order to conditionally redirect to the grant screen.

Cheers!

0 Likes
Shopify Staff
Shopify Staff
533 0 82

Come to think of it, that's something that probably deserves to be documented much more clearly. Thanks for the inspiration!

0 Likes