I'm developing a private app for Shopify, with the scopes:
But when someone tries to install my app, it tells them that the app can read orders and private informations for customers. But I don't know why?
The app doesn't need access to customer data to function. Any idea how to fix this?
There is customer information embedded in order information. Although your app can't directly access the customer information via the Customers API, it will still have access to customer information that is part of an order, such as name, billing/shipping address, email address and phone number.
Thank you for your reply.
But I still don't understand how my current API permission scopes are related to orders?
I never got a valid answer here. Does anyone know why and how my app need permission to orders, even without the scope?
Sorry for my delayed response! There is Order information visible via shipping and fulfillments data which is accessible with the read_shipping scope. A fulfillment object contain information such as order number, line items, and price - as well as customer address information. You can see an example of this object here: https://shopify.dev/api/admin-rest/2021-10/resources/fulfillmentorder#resource_object
Hope this helps!