GraphQL query for orders. Different results with public and private credentials

8 0 3

Hi all

I have the following GraphQL query.




  orders(first: 250, query: "tag:New AND financial_status:authorized" sortKey:CREATED_AT) {
    edges {
      node {




This is used to pick up new orders that are tagged with New by Shopify Flow. For the most part it works well except that it misses some orders for no obvious reason. Even if I change the query to filter just by name it doesn't find it. It does find it if I filter by id.

This is an unpublished public app, built before the "custom" type was introduced so it uses oauth authentication with read_orders and write_orders scopes. While debugging this issue with Postman, I had a wild idea to try a private app password for authentication instead. That works!

To summarize, I can run exactly the same GraphQL query with public and private app credentials and get different results. Why is this happening? It seems suspiciously like a bug at Shopify to me.

It seems to happen for older orders although I haven't spent the time to determine if that it consistent or what the cutoff age is. The oauth scopes don't include read_all_orders but the default without that is 60 days and the missing order I tested today is only about 15 days old.  Is it possible that the documented threshold for require read_all_orders is incorrect?

Shopify Partner
1 0 0

Any word from Shopify on this?