App reviews, troubleshooting, and recommendations
We have a custom app with read order and customer api scopes. We trust the third party using these, but out of pure curiosity I'm curious if there is a way to monitor what they are pulling (i.e. viewing).
I'm curious in a general sense, and if so, is this possible through Shopify.
Thank you.
Solved! Go to the solution
This is an accepted solution.
You cannot see specifics but they should only be able to access the specific permissions you have given them , such as editing-products, or viewing-orders, etc.
If they have all permissions there better be a very good reason.
Submit a feature request directly to shopify support that you need to access api logging and auditing for the merchant side of things, for platform trust* or some other corporate-sentiment to get the point across to internal teams.
The current system is a shaky black box of forced-trust merchants have to take unverifiable risks with, when merchants should be able to trust-but-verify with facts.
Since it's a custom app a way to do this would be to set up a middleware logging proxy under your control as a custom app, then that's what the third-party custom app connects to instead of directly to shopify.
Then the middware is what actually connects to shopify just passing through every request while logging it; keeping in mind this adds overhead not just to the apps but to the business having to become even more of a software-development-business.
This does not apply to a public shopify store app.
There are tools speeding developing this like https://www.apideck.com/products/proxy/shopify
But afaik no middleware software that is ready to go off the shelf.
The current "log" systems are:
*If you go through the forums it's hilariously weird all the "features" merchant try to claim that shopify "should just have because X" , meanwhile baseline process truths like auditing, backups, etc aren't given a thought; at least until something big happens like the GDPR laws.
Contact paull.newton+shopifyforum@gmail.com for the solutions you need
Save time & money ,Ask Questions The Smart Way
Problem Solved? ✔Accept and Like solutions to help future merchants
Answers powered by coffee Thank Paul with a ☕ Coffee for more answers or donate to eff.org
It's not possible with Shopify. I can't recall any other application offer that feature either but it would definitely be helpful to see the data!
This is an accepted solution.
You cannot see specifics but they should only be able to access the specific permissions you have given them , such as editing-products, or viewing-orders, etc.
If they have all permissions there better be a very good reason.
Submit a feature request directly to shopify support that you need to access api logging and auditing for the merchant side of things, for platform trust* or some other corporate-sentiment to get the point across to internal teams.
The current system is a shaky black box of forced-trust merchants have to take unverifiable risks with, when merchants should be able to trust-but-verify with facts.
Since it's a custom app a way to do this would be to set up a middleware logging proxy under your control as a custom app, then that's what the third-party custom app connects to instead of directly to shopify.
Then the middware is what actually connects to shopify just passing through every request while logging it; keeping in mind this adds overhead not just to the apps but to the business having to become even more of a software-development-business.
This does not apply to a public shopify store app.
There are tools speeding developing this like https://www.apideck.com/products/proxy/shopify
But afaik no middleware software that is ready to go off the shelf.
The current "log" systems are:
*If you go through the forums it's hilariously weird all the "features" merchant try to claim that shopify "should just have because X" , meanwhile baseline process truths like auditing, backups, etc aren't given a thought; at least until something big happens like the GDPR laws.
Contact paull.newton+shopifyforum@gmail.com for the solutions you need
Save time & money ,Ask Questions The Smart Way
Problem Solved? ✔Accept and Like solutions to help future merchants
Answers powered by coffee Thank Paul with a ☕ Coffee for more answers or donate to eff.org
Thank you both for answering. The 3rd party is only able to access what scopes we provided, and we limited those to just the necessary ones, and we do trust them, so my question is more academic.
While I'm not surprised Shopify doesn't offer this ability, because there's so many basics they don't, it just seems odd to have no monitoring of what the api is being used for. Like @PaulNewton wrote, trust but verify.
@hostilearth wrote:we do trust them
If/when it comes up the big problem merchants should press is this:
That initial trust makes you have to trust everyone who isn't them that is involved with what the access they have , the entire supply-chain. Their contractors, their vendors, their host providers, the libraries and services they use.
It's like the UPS driver having the pin code for the building, but also the drivers mechanic has it, the gas station attendant has it, the toll booth workers have it; and the building never installs security cameras.
Good luck out there.
Contact paull.newton+shopifyforum@gmail.com for the solutions you need
Save time & money ,Ask Questions The Smart Way
Problem Solved? ✔Accept and Like solutions to help future merchants
Answers powered by coffee Thank Paul with a ☕ Coffee for more answers or donate to eff.org
By investing 30 minutes of your time, you can unlock the potential for increased sales,...
By Jacqui Sep 11, 2024We appreciate the diverse ways you participate in and engage with the Shopify Communi...
By JasonH Sep 9, 2024Thanks to everyone who participated in our AMA with 2H Media: Marketing Your Shopify St...
By Jacqui Sep 6, 2024