Hi, I'm building a sales channel app and part of the requirements is that
The "read_only_own_orders" scope is added by the review team during the approval process and ensures that a channel can only read the orders it created.
However, searching for this string, it seems like the only time it appears on the entire internet is on the "Getting your app approved/App requirements" page https://shopify.dev/concepts/app-store/getting-your-app-approved/app-requirements#d-checkouts
What are the actual implications of this permission and how should we interpret it? Like should it be basically interpreted as "read_orders" but Shopify will do some filtering of the webhooks and orders before they reach us to only trigger the webhooks for our own orders and to only let us read our own orders for the sales channel?
Solved! Go to the solution
This is an accepted solution.
Like should it be basically interpreted as "read_orders" but Shopify will do some filtering of the webhooks and orders before they reach us to only trigger the webhooks for our own orders and to only let us read our own orders for the sales channel?
This is correct.
read_only_own_orders permission ensures that a sales channel can only see orders created by that channel. This includes using the orders endpoint as well as webhooks, with this permission enabled you will only receive webhooks related to orders created by your channel, and any calls to the orders endpoint will only include orders created by your channel.
@_JB, if an app wants to send a customer straight to a new checkout after they have made a purchase (for an upsell offer, for example), is that effectively impossible? To be able to create the new checkout, the app has to be a sales channel. But if the app is a sales channel, it can’t read the first order in the first place.
Is that correct?