product.json API

Don4
Tourist
3 0 2

Hi Gurus,

Is there a way to "stop" calls to product.json from returning all the products in my shop (http://example.myshopify.com/products.json?limit=250)? Alternatively can I "hide" the vendor name for each one of my products as I don't want to reveal it to my competitors?

Thank you in advance!
Don

Replies 14 (14)
Jordan
Shopify Staff
Shopify Staff
300 3 74

Hey Don,

Once you give an app permission to read/write products, there's no limiting what parts of that data they can access. 

Alternatively can I "hide" the vendor name for each one of my products as I don't want to reveal it to my competitors?

Is there a specific circumstance where this is taking place? Apps don't typically share shop information to competitng merchants.

 

- Jordan

Jordan | Developer Support @ Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit Shopify.dev or the Shopify Web Design and Development Blog

Pogodan
Shopify Expert
76 0 13

Jordan - I can do a curl to /products.json for a shop w/o any authentication, bypassing the normal API. We have had customers in the past who wish to hide information information especially from unapproved guests / competitors who may wish to scrape their data for business purposes.

Pogodan | https://experts.shopify.com/pogodan-dev
HunkyBill
Shopify Expert
4763 54 548

There has never been any security on the front-end for the JSON represenation of a product. Anyone can see most product and variant details that way. What does this have to do with Apps and read/write permissions? And no, to date it seems there is no mechanism in place to hide product details you don't want exposed. 

Custom Shopify Apps built just for you! hunkybill@gmail.com http://www.resistorsoftware.com
Pogodan
Shopify Expert
76 0 13

Jordan is the only one who mentioned "app" - Don refered to /products.json as the "API", but given it's a REST-like endpoint returning structured JSON, that's pretty accurate.

It's basically an unprotected globally-readable API for your Shop which you don't have control over, so the feature request would be shop owner access control for that endpoint.

Pogodan | https://experts.shopify.com/pogodan-dev
HunkyBill
Shopify Expert
4763 54 548

Its been there for nearly a decade, but true, there have been merchants that complain their competition can see all their vendors, prices, and inventory levels. 

No doubt the corporate pressure to make that info hidden will work its way into the system at some point.

Custom Shopify Apps built just for you! hunkybill@gmail.com http://www.resistorsoftware.com
Don4
Tourist
3 0 2

Thank you all for your input.

Allow me to be sceptic and assume that this behaviour is not going to change anytime soon.

It is quite disappointing as I can’t understand why this information needs to be available to the “public”.

Thanks again,

Don

Jordan
Shopify Staff
Shopify Staff
300 3 74

Hey Don (and others),

Just a heads up that we're currently looking into the feasibility of deprecating this public endpoint, or at the very least removing certain exposed fields like inventory, sku, etc.

I'll update here once I know more. 

- Jordan

Jordan | Developer Support @ Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit Shopify.dev or the Shopify Web Design and Development Blog

Don4
Tourist
3 0 2

Thank you Jordan, deprecating this endpoint will be fantastic!

Exposing the Vendor field is a great cocern for us and we are very happy that Shopify is willing to provide a solution. 

Looking forward for your update,

Don

 

 

 

field needs to go first. 

 

HunkyBill
Shopify Expert
4763 54 548

Knowing how a lot of things work in themes, eliminating the GET on products from the front-end will DESTROY a lot of functionality across a lot of shops. 

I would therefore be betting that this endpoint will not be deprecated, but instead, Shopify will be forced to create a new set of filters so that merchants can choose to hide available fields from the endpoint. That is likely the only solution to this problem.

Custom Shopify Apps built just for you! hunkybill@gmail.com http://www.resistorsoftware.com
tacticalArtist
New Member
1 0 0

I'm new to Spotify and happened to stumble on this post while searching for .json endpoints available to clients. 

I've found several but was wondering if there was a list or docs..  anyway


Was the problem with revealing vendors ever sorted out?

PublicApps
Shopify Partner
142 5 34

Is there any update from Shopify to this subject? Some store owners complain about bots tracking updates to their products/tracking product releases.

Public Apps | Theme customization & App development
 - Was my reply useful? Like it to let me know!
 - Did I answer your question? Please mark as Accepted Solution.
 - Need more help? Contact us.

marcosvgoulart
Tourist
9 0 3

They copied all products from my store.

With this code:

products.json?page_info=etvvxxx&limit=5000

And they are using this plugin to copy all products:

apps.shopify.com/product-copy

apps.shopify.com/import-products-from-json

Is there any way to avoid this?

LojaBelleFemme
New Member
2 0 0
Any news on the issue? I'm trying to do it with bots and locking an endpoint on my products and I didn't find it because I handle an endpoint
LojaBelleFemme
New Member
2 0 0

Any news on the issue? I'm trying to do it with bots and locking an endpoint on my products and I didn't find it because I handle an endpoint