Why customer protected data access mandatory for priceRuleCreate GraphQL mutation?

cyberabis
Shopify Partner
9 0 1

We are using the priceRuleCreate (https://shopify.dev/docs/api/admin-graphql/2023-04/mutations/priceRuleCreate) GraphQL mutation to create a discount code. There is a mandatory argument called "customerSelection" and here we are only passing "forAllCustomers: true". Please note, we are not passing any customer data here.

 

We find that this GraphQL mutation requests fails with error message saying: "This app is not approved to access the PriceRule object. See https://partners.shopify.com/<partner_id>/apps/<app_id>/customer_data for more details."

 

Why does the priceRuleCreate endpoint require customer protected data? And it's fully failing even when we do not use and customer data fields?

Replies 2 (2)
ShopifyDevSup
Shopify Staff
Shopify Staff
1200 190 418

Hi @cyberabis,

 

Thanks for your post. We've been able to replicate this issue in a test store, however the priceRuleCreate mutation is marked as deprecated so can you please use the mutations that start with the word 'discount' instead like discountCodeBasicCreate? That one worked when testing with the same app that failed with priceRuleCreate.

 

There are links to the other discount creation mutations in the chart on this doc page about creating a discount app:

https://shopify.dev/docs/apps/selling-strategies/discounts#discount-types

 

Thanks and hope you have a great day,
Jon551

Developer Support @ Shopify
- Was this reply helpful? Click Like to let us know!
- Was your question answered? Mark it as an Accepted Solution
- To learn more visit Shopify.dev or the Shopify Web Design and Development Blog

cyberabis
Shopify Partner
9 0 1

Hi Jon551, Thank you for your response. As you suggested discountCodeBasicCreate works fine. However, we came across another similar problem. We subscribe to the orders/create webhook topic, and we include only customer-unrelated fields. Yet the webhook subscription create fails. Why can't the webhook send the payload excluding customer data to apps that don't require customer protected data access? Hoping you could take a look at this case too. Thank you!