Hi,
I am encountering a scenario where a wholesaler/3rd party wants to access my Shopify account to fulfill orders.
However, their application is asking for full access to my account. Meaning they will see all orders/inventory for all products. Including data (e.g. customer lists) that does not concern them and is outside of our partnership.
Is there a way to only allow a wholesaler/3rd party specific access outside of asking them to change their application?
Is the only option to create (and pay for) a secondary store backend?
Any help would be appreciated!
Thank you
@Gentileschi I’ve dealt with a similar situation before, and unfortunately, most third-party fulfillment apps will request full access by default since they’re designed to read all store data for automation. The safest way around this is to create a separate staff or collaborator account for the wholesaler and limit their permissions to only what’s necessary for example, orders and inventory.
If the app itself is forcing full-store access, another option is to use Shopify Flow or Zapier to automatically send only the relevant order data to them, that way, they can still fulfill orders without touching your entire backend or customer list.
Setting up a second backend/store is possible but usually not worth the cost unless you’re separating brands completely. For most cases, controlling permissions or using a custom workflow integration is enough to keep things secure and private.