What access of the store is a NO NO for any API?
I have been trying to get this Breeze.in one-page checkout installed.
The developer then asked me to give the whole store access which I found weird and unsafe. I want to know how i make sure that I am not sharing my store analytics etc with API which can use this to its advantage if they have a similar flagship store like mine
Currently, I have given them the following permission in the API configuration. Any help is greatly appreciated.
