Is there a way to "stop" calls to product.json from returning all the products in my shop (http://example.myshopify.com/products.json?limit=250)? Alternatively can I "hide" the vendor name for each one of my products as I don't want to reveal it to my competitors?
Thank you in advance!
Once you give an app permission to read/write products, there's no limiting what parts of that data they can access.
Alternatively can I "hide" the vendor name for each one of my products as I don't want to reveal it to my competitors?
Is there a specific circumstance where this is taking place? Apps don't typically share shop information to competitng merchants.
Jordan - I can do a curl to /products.json for a shop w/o any authentication, bypassing the normal API. We have had customers in the past who wish to hide information information especially from unapproved guests / competitors who may wish to scrape their data for business purposes.
There has never been any security on the front-end for the JSON represenation of a product. Anyone can see most product and variant details that way. What does this have to do with Apps and read/write permissions? And no, to date it seems there is no mechanism in place to hide product details you don't want exposed.
Jordan is the only one who mentioned "app" - Don refered to /products.json as the "API", but given it's a REST-like endpoint returning structured JSON, that's pretty accurate.
It's basically an unprotected globally-readable API for your Shop which you don't have control over, so the feature request would be shop owner access control for that endpoint.
Its been there for nearly a decade, but true, there have been merchants that complain their competition can see all their vendors, prices, and inventory levels.
No doubt the corporate pressure to make that info hidden will work its way into the system at some point.
Thank you all for your input.
Allow me to be sceptic and assume that this behaviour is not going to change anytime soon.
It is quite disappointing as I can’t understand why this information needs to be available to the “public”.
Hey Don (and others),
Just a heads up that we're currently looking into the feasibility of deprecating this public endpoint, or at the very least removing certain exposed fields like inventory, sku, etc.
I'll update here once I know more.
Thank you Jordan, deprecating this endpoint will be fantastic!
Exposing the Vendor field is a great cocern for us and we are very happy that Shopify is willing to provide a solution.
Looking forward for your update,
field needs to go first.
Knowing how a lot of things work in themes, eliminating the GET on products from the front-end will DESTROY a lot of functionality across a lot of shops.
I would therefore be betting that this endpoint will not be deprecated, but instead, Shopify will be forced to create a new set of filters so that merchants can choose to hide available fields from the endpoint. That is likely the only solution to this problem.
I'm new to Spotify and happened to stumble on this post while searching for .json endpoints available to clients.
I've found several but was wondering if there was a list or docs.. anyway
Was the problem with revealing vendors ever sorted out?
Is there any update from Shopify to this subject? Some store owners complain about bots tracking updates to their products/tracking product releases.
Public Apps | Theme customization & App development
- Was my reply useful? Like it to let me know!
- Did I answer your question? Please mark as Accepted Solution.
- Need more help? Contact us.
They copied all products from my store.
With this code:
And they are using this plugin to copy all products:
Is there any way to avoid this?