How to validate scopes of a private app

New Member
2 0 0

When a private app is connected we want to check if it has the right access scopes. We're currently making a call to the endpoint `/admin/oauth/access_scopes.json` but the response we're getting doesn't make sense.

curl https://xxx:xxx@xxxstore.myshopify.com/admin/oauth/access_scopes.json{"access_scopes":[{"handle":"read_products"},{"handle":"read_product_listings"},{"handle":"write_customers"},{"handle":"write_checkouts"},{"handle":"read_content"},{"handle":"read_customers"},{"handle":"read_checkouts"}]}

 

curl https://xxx:xxx@xxxstore.myshopify.com/admin/api/2020-10/customers.json{"errors":"[API] This action requires merchant approval for read_customers scope."}%

 

0 Likes
Shopify Staff
Shopify Staff
38 5 2

@geckoboard ,

This issue should now be resolved, but there could however be store front api related scopes (starting with unauthenticated) returned on existing private apps created prior to today. Despite returning these store front api related scopes, the private app will not have access to the store front api. A maintenance job might be deployed to correct the store front api scopes on existing private apps.

Regards,

John

John C | Developer Support Specialist @Shopify
0 Likes