Get scope for a GraphQL type

Topic summary

Main issue: A developer building a Singer tap for Shopify (GraphQL/Bulk API) wants to determine required access scopes per GraphQL type to hide unsupported types/fields (including Shopify Plus–only fields) and avoid failing queries.

Key update: There is no Shopify API/GraphQL query that returns the scopes needed for each GraphQL type. Required scopes must be inferred from Shopify documentation (e.g., orders: read_orders or read_all_orders; products: read_products).

Process guidance:

  • Scopes are permissions granted via OAuth; request needed scopes during OAuth and check granted scopes in the OAuth response.
  • If additional data/types are needed, re-run OAuth requesting extra scopes. Granted scopes depend on the merchant’s approval.

Tooling constraints: Since end users provide credentials, the developer wants to suppress unsupported fields proactively. Using the Bulk API returns generic “not authorized” errors without field-level detail, making it hard to identify missing scopes.

Status: No direct solution to map GraphQL types to scopes. Suggested workaround is to rely on documentation and OAuth-granted scope checks. The need for a type-to-scope mapping or clearer Bulk API error details remains unresolved.

Summarized with AI on January 17. AI used: gpt-5.

I am working on a Singer tap for Shopify using the GraphQL API. I was able to create the schema by fetching the GraphQL types, but when building the query I need to remove the types that are not in the user’s scope. I could not find a way of getting the scopes needed for each one of the GraphQL types in order to filter them out and include/remove fields just available on Shopify Plus.

Is there a query that will provide the scopes needed for each type?

Hi Sehnem,

Currently, Shopify does not provide a direct query to get the scopes needed for each GraphQL type. However, the access scopes required for each type of data can be inferred from the Shopify documentation.

For example, to access order data, your app needs the read_orders or read_all_orders scope. For accessing product data, your app requires the read_products scope.

To manage the scopes of your app, you must:

  1. Request the desired scopes during the OAuth process.
  2. Check the granted scopes in the OAuth response.

Remember that the scopes granted to your app are dependent on the permissions given by the user during the OAuth process.

If your app needs to access certain types that are not included in your current access scopes, you must undergo the OAuth process again, this time requesting the additional scopes.

Hope this helps!


As I am not developing a specific app, but a tool to integrate other apps, I will not configure the credentials myself; it will be done by the user. That’s why it would be useful to have a way of getting the scopes for different GraphQL types, so I could just not show them instead of just failing when running the query.

Another thing is that I am mostly using the Bulk API, and I am not getting details about the error, so the user will just get that the permission is not authorized but not the fields. I will try to figure out another way of making it work.

Thanks for the help.
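The workaround discussed in this thread, sketched as an added example (not code from any poster or from Shopify): parse the scopes granted in the OAuth token response and filter the schema's types against a hand-maintained type-to-scope table before building the query. The table contents, the function names, the sample data, and the treatment of a `write_` grant as implying the matching `read_` scope are assumptions to check against the documentation.

```python
"""Hide GraphQL types the granted OAuth scopes do not cover (added example)."""
import json

# Hand-maintained from the documentation; no API returns this mapping.
# Each type lists alternative scopes: any one of them is sufficient.
TYPE_SCOPES = {
    "Order": {"read_orders", "read_all_orders"},
    "Product": {"read_products"},
    "Customer": {"read_customers"},  # illustrative entry, verify against the docs
}


def granted_scopes(token_response):
    """Return the set of scopes from the token response's comma-separated `scope` field."""
    raw = token_response.get("scope", "")
    scopes = {s.strip() for s in raw.split(",") if s.strip()}
    # Assumption: a write_x grant also permits reads, so count it as read_x too.
    scopes |= {"read_" + s[len("write_"):] for s in scopes if s.startswith("write_")}
    return scopes


def partition_types(schema_types, scopes, mapping=TYPE_SCOPES):
    """Split type names into (allowed, denied, unmapped).

    denied maps each hidden type to the scopes that would unlock it, which gives
    the user the detail a generic "not authorized" error leaves out.
    unmapped holds types with no table entry, so the tool can choose a policy
    (hide them, or probe them one at a time) instead of guessing.
    """
    allowed, denied, unmapped = [], {}, []
    for name in schema_types:
        required = mapping.get(name)
        if required is None:
            unmapped.append(name)
        elif required & scopes:
            allowed.append(name)
        else:
            denied[name] = sorted(required)
    return allowed, denied, unmapped


# Constructed sample data, not taken from a real shop.
SAMPLE_TOKEN_RESPONSE = json.loads(
    '{"access_token": "PLACEHOLDER", "scope": "write_orders, read_customers"}'
)
SAMPLE_TYPES = ["Order", "Product", "Customer", "Metafield"]

if __name__ == "__main__":
    ok, hidden, unknown = partition_types(SAMPLE_TYPES, granted_scopes(SAMPLE_TOKEN_RESPONSE))
    print("query these types:", ok)
    print("hidden, scopes needed:", hidden)
    print("no mapping entry:", unknown)
```
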