Access to the Asset API is no longer available to public apps

Topic summary

Change in Shopify API 2023-04 restricts public apps from creating, updating, or deleting theme assets via the Asset API, even with write_themes/read_themes scopes.

Recommended approach: migrate theme modifications to app extensions, which are supported and more secure.

Exemptions: limited cases may qualify for an exemption allowing direct Asset API use. Merchants/developers should contact Shopify support to assess eligibility.

Open question: whether approved apps need to reauthorize or whether existing tokens/scopes will continue to work was not answered; the thread directs this to Shopify support.

Key terms:

  • Asset API: endpoint for managing theme asset files (create/update/delete).
  • Scopes (write_themes/read_themes): permissions related to theme access; no longer sufficient for Asset API modifications by public apps.
  • App extensions: Shopify’s preferred method for extending/modifying themes.
  • Public apps: apps distributed broadly (e.g., via the Shopify App Store).

Status: no resolution in-thread; next steps are to adopt app extensions or seek support for an exemption and clarification on token/reauthorization behavior.

Summarized with AI on January 11. AI used: gpt-5.

Hello,

Due to changelog 2023-04, when requesting the Asset API, access to create, update, and delete assets is no longer accessible for public apps. Our app already has the scopes write_themes and read_themes. Should we ask for some additional permissions to not lose access to the Asset API? Or, if our app already has these scopes, does it mean that we will have access in 2023-04 and all the next versions?

Thanks!

Hi @development1_1,

Regarding the changes in the Shopify API version 2023-04, you’re correct to be proactive about ensuring your app maintains the necessary access. With this update, the ability to create, update, and delete assets through the Asset API will be restricted for public apps, even if they have the write_themes and read_themes scopes.

In most scenarios, transitioning to using app extensions is the recommended approach. App extensions are generally more suitable and secure for modifying themes. However, there are limited circumstances where an exemption from these changes might be granted. If you believe your app has a valid reason for direct theme modification, it would be advisable to contact Shopify support to discuss the possibility of an exemption.

In case our app gets this approval, do we need to go through authorization again to not lose access to the API, or will all existing tokens still be available and have the needed scopes to use the Assets API?

These questions would be best directed to Shopify support.