Focuses on API authentication, access scopes, and permission management.
Hello,
due to changelog 2023-04 when requesting the Asset API, access to create, update, and delete assets is no longer accessible for public apps. Our app already has scopes write_themes and read_themes. Should we ask for some additional permissions to not lose access to Asset API? Or if our app already has these scopes it means that we will have access in 2023-04 and all the next versions?
Thanks!
Hi @development1,
Regarding the changes in the Shopify API version 2023-04, you're correct to be proactive about ensuring your app maintains the necessary access. With this update, the ability to create, update, and delete assets through the Asset API will be restricted for public apps, even if they have the write_themes and read_themes scopes.
In most scenarios, transitioning to using app extensions is the recommended approach. App extensions are generally more suitable and secure for modifying themes. However, there are limited circumstances where an exemption from these changes might be granted. If you believe your app has a valid reason for direct theme modification, it would be advisable to contact Shopify support to discuss the possibility of an exemption.
In case our app will get this approval. Do we need to go through authorization again to not lose access to the API or all existing tokens will still be available and will have needed scopes to use Assets API?
These questions would be best directed to Shopify support.