Get scope for a GraphQL type

Topic summary

Main issue: A developer building a Singer tap for Shopify (GraphQL/Bulk API) wants to determine required access scopes per GraphQL type to hide unsupported types/fields (including Shopify Plus–only fields) and avoid failing queries.

Key update: There is no Shopify API/GraphQL query that returns the scopes needed for each GraphQL type. Required scopes must be inferred from Shopify documentation (e.g., orders: read_orders or read_all_orders; products: read_products).

Process guidance:

  • Scopes are permissions granted via OAuth; request needed scopes during OAuth and check granted scopes in the OAuth response.
  • If additional data/types are needed, re-run OAuth requesting extra scopes. Granted scopes depend on the merchant’s approval.

Tooling constraints: Since end users provide credentials, the developer wants to suppress unsupported fields proactively. Using the Bulk API returns generic “not authorized” errors without field-level detail, making it hard to identify missing scopes.

Status: No direct solution to map GraphQL types to scopes. Suggested workaround is to rely on documentation and OAuth-granted scope checks. The need for a type-to-scope mapping or clearer Bulk API error details remains unresolved.

Summarized with AI on January 17. AI used: gpt-5.

Hi Sehnem,

Currently, Shopify does not provide a direct query to get the scopes needed for each GraphQL type. However, the access scopes required for each type of data can be inferred from the Shopify documentation.

For example, to access order data, your app needs the read_orders or read_all_orders scope. For accessing product data, your app requires the read_products scope.

To manage the scopes of your app, you must:

  1. Request the desired scopes during the OAuth process.
  2. Check the granted scopes in the OAuth response.

Remember that the scopes granted to your app are dependent on the permissions given by the user during the OAuth process.

If your app needs to access certain types that are not included in your current access scopes, you must undergo the OAuth process again, this time requesting the additional scopes.

Hope this helps!

1 Like
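The scope check described in the reply above, applied to the tap's stream list. This is an added example, not code from the original thread or from Shopify. It assumes the OAuth token response carries a comma-separated `scope` string and that a granted `write_` scope implies the matching `read_` scope. The mapping holds only the two examples named in the reply, and `partition_streams`, `SAMPLE_RESPONSE` and the `metafields` stream are hypothetical names.

```python
# Required scopes per stream, transcribed by hand from the documentation.
# Each value is a set of alternatives: holding any one of them is enough.
# Only the two examples given in the reply are listed.
STREAM_SCOPES = {
    "orders": {"read_orders", "read_all_orders"},
    "products": {"read_products"},
}

def parse_granted(oauth_response):
    """Return the scopes listed in the token response's `scope` field."""
    raw = oauth_response.get("scope", "")
    return {s.strip() for s in raw.split(",") if s.strip()}

def effective_scopes(granted):
    """Add the read_ scope implied by each granted write_ scope (assumption)."""
    implied = {"read_" + s[len("write_"):] for s in granted if s.startswith("write_")}
    return granted | implied

def partition_streams(oauth_response, requested, stream_scopes=STREAM_SCOPES):
    """Split requested streams into (enabled, disabled-with-reason).

    A stream with no mapping entry is disabled rather than guessed at, so a
    gap in the hand-built table cannot turn into a failing bulk query.
    """
    have = effective_scopes(parse_granted(oauth_response))
    enabled, disabled = [], {}
    for stream in requested:
        alternatives = stream_scopes.get(stream)
        if alternatives is None:
            disabled[stream] = "no scope mapping; check the documentation"
        elif have & alternatives:
            enabled.append(stream)
        else:
            disabled[stream] = "missing one of: " + ", ".join(sorted(alternatives))
    return enabled, disabled

# Constructed token response; the token value is a placeholder.
SAMPLE_RESPONSE = {"access_token": "<redacted>", "scope": "write_products, read_customers"}

if __name__ == "__main__":
    on, off = partition_streams(SAMPLE_RESPONSE, ["orders", "products", "metafields"])
    print("enabled:", on)
    for name, reason in off.items():
        print("disabled:", name, "-", reason)
```

The reasons in the disabled map give the end user the per-stream detail that the generic "not authorized" error from the Bulk API does not.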