Focuses on API authentication, access scopes, and permission management.
I am working on a singer tap for shopify using the graphql api, I was able to create the schema fetching graphql types, but when building the query I need to remove the types that are not in the user's scope. I could not find a way of getting the scopes needed for each one of the graphql types in order to filer them out and include/remove fields just available on shopify plus.
Is there a query that will provide the scopes needed for each type?
Solved! Go to the solution
This is an accepted solution.
Hi Sehnem,
Currently, Shopify does not provide a direct query to get the scopes needed for each GraphQL type. However, the access scopes required for each type of data can be inferred from the Shopify documentation.
For example, to access order data, your app needs the read_orders
or read_all_orders
scope. For accessing product data, your app requires the read_products
scope.
To manage the scopes of your app, you must:
Remember that the scopes granted to your app are dependent on the permissions given by the user during the OAuth process.
If your app needs to access certain types that are not included in your current access scopes, you must undergo the OAuth process again, this time requesting the additional scopes.
Hope this helps!
Liam | Developer Advocate @ Shopify
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution
- To learn more visit Shopify.dev or the Shopify Web Design and Development Blog
This is an accepted solution.
Hi Sehnem,
Currently, Shopify does not provide a direct query to get the scopes needed for each GraphQL type. However, the access scopes required for each type of data can be inferred from the Shopify documentation.
For example, to access order data, your app needs the read_orders
or read_all_orders
scope. For accessing product data, your app requires the read_products
scope.
To manage the scopes of your app, you must:
Remember that the scopes granted to your app are dependent on the permissions given by the user during the OAuth process.
If your app needs to access certain types that are not included in your current access scopes, you must undergo the OAuth process again, this time requesting the additional scopes.
Hope this helps!
Liam | Developer Advocate @ Shopify
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution
- To learn more visit Shopify.dev or the Shopify Web Design and Development Blog
As I am not developing a specific app, but a tool to integrate other apps, I will not configure the credentials myself, it will be done by the user, that's why it would be useful to have a way of getting the scopes for different graphql types, so I could just not show them instead of just failing when running the query.
An other thing is that I am using mostly the bulk API, and I am not getting details about the error, so the user will just get that the permission is not authorized but not the fields. I will try to figure out an other way of making it work.
Thanks for the help.