Why does my app need permission to orders, even without the scope?

ModiKasper
New Member

I'm developing a private app for Shopify, with the scopes:

  • read_products
  • read_inventory
  • read_shipping
  • read_price_rules

But when someone tries to install my app, it tells them that the app can read orders and private information for customers. But I don't know why.

The app doesn't need access to customer data to function. Any idea how to fix this?

csam
Shopify Staff

Hi @ModiKasper 

There is customer information embedded in order information. Although your app can't directly access the customer information via the Customers API, it will still have access to customer information that is part of an order, such as name, billing/shipping address, email address and phone number. 

CS | API Support @ Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit Shopify.dev or the Shopify Web Design and Development Blog

ModiKasper
New Member

Thank you for your reply.

But I still don't understand how my current API permission scopes are related to orders?

ModiKasper
New Member

I never got a valid answer here. Does anyone know why and how my app needs permission to orders, even without the scope?

csam
Shopify Staff

Hi @ModiKasper 

Sorry for my delayed response! There is Order information visible via shipping and fulfillments data which is accessible with the read_shipping scope. A fulfillment object contains information such as order number, line items, and price - as well as customer address information. You can see an example of this object here: https://shopify.dev/api/admin-rest/2021-10/resources/fulfillmentorder#resource_object

Hope this helps!

Regards,

CS | API Support @ Shopify 
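
Added example, not part of the thread and not Shopify code: since fulfillment data reachable through read_shipping carries customer address details, an app that does not need them can drop those fields before logging or storing a payload. The sample object is constructed, its field names are assumed to follow the fulfillment order object linked in the reply, and the `PII_KEYS` list is an assumption to adapt to your own data policy.

```python
# Field names treated as personal data (assumed list, not from Shopify).
PII_KEYS = {"first_name", "last_name", "email", "phone", "company",
            "address1", "address2", "city", "zip", "province", "country"}

# Constructed sample shaped like a fulfillment order; all values are made up.
SAMPLE_FULFILLMENT_ORDER = {
    "id": 1001,
    "order_id": 2002,
    "status": "open",
    "destination": {
        "id": 3003,
        "first_name": "Ada",
        "last_name": "Example",
        "email": "ada@example.com",
        "phone": "+10000000000",
        "address1": "1 Sample Street",
        "city": "Sampletown",
        "zip": "00000",
        "country": "Nowhere",
    },
    "line_items": [{"id": 1, "variant_id": 11, "quantity": 2}],
}


def find_pii_paths(node, path=""):
    """Return sorted dotted paths of every PII-named key holding a value."""
    found = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}" if path else key
            if key in PII_KEYS and value not in (None, "", [], {}):
                found.append(child)
            else:
                found.extend(find_pii_paths(value, child))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            found.extend(find_pii_paths(item, f"{path}[{i}]"))
    return sorted(found)


def minimize(node):
    """Return a copy with PII-named keys removed, for logging or storage."""
    if isinstance(node, dict):
        return {k: minimize(v) for k, v in node.items() if k not in PII_KEYS}
    if isinstance(node, list):
        return [minimize(item) for item in node]
    return node
```

Running `find_pii_paths` over real responses during development shows which customer fields the app actually receives under its granted scopes.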