Is there a way to "stop" calls to product.json from returning all the products in my shop (http://example.myshopify.com/products.json?limit=250)? Alternatively can I "hide" the vendor name for each one of my products as I don't want to reveal it to my competitors?
Thank you in advance!
Once you give an app permission to read/write products, there's no limiting what parts of that data they can access.
Alternatively can I "hide" the vendor name for each one of my products as I don't want to reveal it to my competitors?
Is there a specific circumstance where this is taking place? Apps don't typically share shop information to competitng merchants.
Jordan - I can do a curl to /products.json for a shop w/o any authentication, bypassing the normal API. We have had customers in the past who wish to hide information information especially from unapproved guests / competitors who may wish to scrape their data for business purposes.
There has never been any security on the front-end for the JSON represenation of a product. Anyone can see most product and variant details that way. What does this have to do with Apps and read/write permissions? And no, to date it seems there is no mechanism in place to hide product details you don't want exposed.
Jordan is the only one who mentioned "app" - Don refered to /products.json as the "API", but given it's a REST-like endpoint returning structured JSON, that's pretty accurate.
It's basically an unprotected globally-readable API for your Shop which you don't have control over, so the feature request would be shop owner access control for that endpoint.
Its been there for nearly a decade, but true, there have been merchants that complain their competition can see all their vendors, prices, and inventory levels.
No doubt the corporate pressure to make that info hidden will work its way into the system at some point.
Thank you all for your input.
Allow me to be sceptic and assume that this behaviour is not going to change anytime soon.
It is quite disappointing as I can’t understand why this information needs to be available to the “public”.
Knowing how a lot of things work in themes, eliminating the GET on products from the front-end will DESTROY a lot of functionality across a lot of shops.
I would therefore be betting that this endpoint will not be deprecated, but instead, Shopify will be forced to create a new set of filters so that merchants can choose to hide available fields from the endpoint. That is likely the only solution to this problem.