How to validate scopes of a private app

geckoboard
New Member
3 0 0

When a private app is connected we want to check if it has the right access scopes. We're currently making a call to the endpoint `/admin/oauth/access_scopes.json` but the response we're getting doesn't make sense.

curl https://xxx:xxx@xxxstore.myshopify.com/admin/oauth/access_scopes.json{"access_scopes":[{"handle":"read_products"},{"handle":"read_product_listings"},{"handle":"write_customers"},{"handle":"write_checkouts"},{"handle":"read_content"},{"handle":"read_customers"},{"handle":"read_checkouts"}]}

 

curl https://xxx:xxx@xxxstore.myshopify.com/admin/api/2020-10/customers.json{"errors":"[API] This action requires merchant approval for read_customers scope."}%

 

0 Likes
_JCC_
Shopify Staff
Shopify Staff
160 21 28

@geckoboard ,

This issue should now be resolved, but there could however be store front api related scopes (starting with unauthenticated) returned on existing private apps created prior to today. Despite returning these store front api related scopes, the private app will not have access to the store front api. A maintenance job might be deployed to correct the store front api scopes on existing private apps.

Regards,

John

John C | Developer Support @ Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit Shopify.dev or the Shopify Web Design and Development Blog

0 Likes