Why do my app need permission to orders, even without the scope?

ModiKasper
New Member
4 0 0

I'm developing a private app for Shopify, with the scopes:

  • read_products
  • read_inventory
  • read_shipping
  • read_price_rules

But when someone tries to install my app, it tells them that the app can read orders and private informations for customers. But I don't know why?

The app doesn't need access to customer data to function. Any idea how to fix this? 🙂

Replies 4 (4)

csam
Shopify Staff (Retired)
267 40 51

Hi @ModiKasper 

There is customer information embedded in order information. Although your app can't directly access the customer information via the Customers API, it will still have access to customer information that is part of an order, such as name, billing/shipping address, email address and phone number. 

To learn more visit the Shopify Help Center or the Community Blog.

ModiKasper
New Member
4 0 0

Thank you for your reply.

But I still don't understand how my current API permission scopes are related to orders?

ModiKasper
New Member
4 0 0

I never got a valid answer here. Does anyone know why and how my app need permission to orders, even without the scope?

csam
Shopify Staff (Retired)
267 40 51

Hi @ModiKasper 

Sorry for my delayed response! There is Order information visible via shipping and fulfillments data which is accessible with the read_shipping scope. A fulfillment object contain information such as order number, line items, and price - as well as customer address information. You can see an example of this object here: https://shopify.dev/api/admin-rest/2021-10/resources/fulfillmentorder#resource_object

Hope this helps!

Regards,

 

 

To learn more visit the Shopify Help Center or the Community Blog.