Our private app is currently using the 2022-07 API. We're using the API to share customer order data with a 3rd party fulfillment service.
Because we're using this version of the API and the app is private, we're able to access all of the customer data that we need. Since this version of the API is deprecated and we intend to release a public version of this app, we'll need to move to a later version of the API.
In later versions of the API, the data that we're sharing with the 3rd party will be considered protected data.
We've reviewed the requirements for accessing protected data, but need a better understanding of how these requirements extend to 3rd parties.