Hi all! I’m working on making an Oauth implementation to make requests with the Rest Admin API. When I use the offline_access_mode , all the scopes I send in the scope parameter in the URL (read and write customer,order,product) can be used by the app, but when I try the online_access_mode, the scopes become limited to just write_customer even though I also sent scopes for order and product in the url. Is this normal or could there be something wrong with my implementation? Thank you!
1 Like
It is normal for the scopes available to an app to be limited when using the online_access_mode. The online_access_mode is intended for apps that need to access a store’s data on behalf of a store owner while the store owner is actively using the app. In this mode, the app can only access the scopes that the store owner has granted it.
On the other hand, the offline_access_mode is intended for apps that need to access a store’s data on behalf of a store owner even when the store owner is not actively using the app. In this mode, the app can access all of the scopes that the store owner has granted it, as well as the “offline_access” scope, which allows the app to make requests to the API on behalf of the store owner even when the store owner is not actively using the app.
If you are using the online_access_mode and you are only able to access the write_customer scope, it is likely that this is the only scope that the store owner has granted your app. You will need to ask the store owner to grant your app additional scopes if you need to access other types of data (such as order and product data).
I hope this helps clarify the difference between the online_access_mode and the offline_access_mode, and how they affect the scopes available to an app. If you have any further questions or if you are having trouble implementing OAuth for the Rest Admin API, you may want to contact Shopify support for further assistance.
Thanks for the great explanation! I’m starting to understand. With regards to this part:
The account I use as the store owner and Shopify partner is the same account. What do I do to get access to the other types of data in this case? I tried logging in to Shopify admin and checking for any configurations, but I can’t find any for this case. Thank you!
If you are using the same account as both the store owner and a Shopify partner, you should have access to all the data and functionality available to both roles. This includes access to the Shopify admin, access to the Partner Dashboard, and access to the APIs and other developer resources available to partners.
To access the Partner Dashboard, you can log in to your Shopify account and click on the “Partners” link in the top menu. This will take you to the Partner Dashboard, where you can access resources such as the Partner program overview, the App Development Kit, and the Partner API.
If you are experiencing issues accessing the Partner Dashboard or other resources as a partner, it is possible that there may be a problem with your account or with your permissions.
You can contact Shopify support for assistance by clicking on the “Contact” link at the bottom of the Shopify login page and following the prompts to contact support.
I hope this helps! Let me know if you have any questions.
Hmm, if that’s so, any possible reasons why, when redirected to the Oauth Grant screen (Where the user can click “Install App”), my app scopes keep getting limited to just write_customers whenever I use online_access_mode? Even though I have already added in the scope parameter in the authorization request that I need read_orders,write_orders,read_products,write_products scopes?
1 Like