Focuses on API authentication, access scopes, and permission management.
We're using managed app scopes by Shopify.
[access_scopes]
# Learn more at https://shopify.dev/docs/apps/tools/cli/configuration#access_scopes
scopes = "read_assigned_fulfillment_orders,read_checkout_branding_settings,read_customer_events,read_customers,read_discounts,read_fulfillments,read_inventory,read_locations,..."
use_legacy_install_flow = false
We have permission from Shopify to read all orders, but we don't want to force all of our shops to agree to our app reading all of their orders. There is a currently lack of implementation on Shopify to override an app scope for a specific merchant to a different set of scopes.
I can't add "read_all_orders" to the app installation flow because Shopify will remove it and use what's in the Shopify app toml file. Is there any known workaround?