Focuses on API authentication, access scopes, and permission management.
Hi, I'm trying to search which are the allowed scopes for the Customer Account API OAuth 2.0 flow.
From https://shopify.dev/docs/api/customer#step-authorization
There are 3 listed:
- openid
- email
- https://api.customers.com/auth/customer.graphql
I assume these are examples. Where is the full scope list and what each scope allow? also what in the world does that api.customers.com URL even mean? These are not described anywhere in the API version 2024-01
Hi PurpleGecko,
What you're listing (openid, email, that URL) are not scopes themselves but parameters on the scope field. Those three parameters are what is being requested from the Shopify Identity service, so that the access token that is being returned has permissions for those aspects (like their email etc). There are no other options other than those three at the moment. That api.customers URL is just a name of the Customer Account API scope you are requesting permissions for and it does not need to be modified.
Hope this helps,
Liam | Developer Advocate @ Shopify
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution
- To learn more visit Shopify.dev or the Shopify Web Design and Development Blog