Order API restriction

G-die
Visitor
3 0 0

Hello,

We have an application that is using order API to gather information about orders which are generated on Shopify site of our client.

This allows us to keep information about orders up to date between our tool and the Shopify of the client.

We have prospects for whom it is a problem to give access to this API because there is also information about customers in the API results. 

On our side we do not need this information, so I have tried to check if there is a possibilty to restrict the information sent back by API or maybe another API endpoint that only contains order information, but did not succeed.

Do some of you have an idea how we could restrict the information we collect from Shopify to reassure our prospects ?

Thank you in advance for your help !

Emilien Roux

Replies 3 (3)

Gregarican
Shopify Partner
1033 86 285

How are you getting the data? If it's through a webhook response, then it's sending over all of the details about each new order that's created. If you are using the REST or GraphQL API's then you can select only certain fields you need.

G-die
Visitor
3 0 0

Hello Greg,

Thank you for your feedback. 

I'm using GraphQL now. We are indeed using the method that you are talking about and requesting only what we need, but the problem is not about selecting only certain fields, it is for customer to restrict the field he allows us to access.

In clear customer wants to make sure we only access what we need and not more by restraining the access of data to only what we need, but as far as I can see there is not this possibility by default. You either access it all or none.

Maybe someone knows some plugins that can help with that ?

Gregarican
Shopify Partner
1033 86 285

Since the webhook sends over the whole shootin' match then that's not an option. Although I'd imagine that you could get just the order field values you need and that's it using GraphQL and with your app's access scope restricted to read_all_orders and perhaps a few product and inventory related ones if you need item-level details such as that. If you don't have access to the customer scope then even if you tried to include them in your GraphQL request it shouldn't pass back any of that...

 

https://shopify.dev/docs/admin-api/access-scopes