Scopes for Analytics (read_reports, read_all_orders)

Shopify Apps
,

Topic summary

Access to Shopify’s analytics via shopifyqlQuery requires read_reports and Level 2 protected customer data permissions, even when only aggregating order counts. The app already has read_all_orders but is blocked by an error demanding read_reports and Level 2 access (name, address, phone, email).

Goal: Aggregate monthly/daily counts from orders without accessing customer PII.

Technical details: A ShopifyQL (Shopify’s analytics query language) GraphQL call is used: “FROM orders SHOW sum(orders)”. The provided code snippet is central to the issue.

Concern: Requesting Level 2 customer data feels unnecessary for simple aggregates; seeking an alternative method that avoids these scopes.

Latest update: Another participant asked if a workaround was found. No solution or official guidance is shared; the thread remains open with unanswered questions about alternatives to shopifyqlQuery that don’t require read_reports/Level 2 permissions.

Summarized with AI on January 2. AI used: gpt-5.
1

Hi,

When trying to receive information from the analytics API we are prompted to request access to read_all_orders and read_reports.

We have done this for read_all_orders, but now we have same for: read_reports.

However we are just trying to aggregate the counts for months, days etc.

Error in question:

Access denied for shopifyqlQuery field. Required access: `read_reports` access scope. Also: Level 2 access to Customer data including name, address, phone, and email fields. Please refer to https://shopify.dev/apps/store/data-protection/protected-customer-data.

This is the query that I’m sending:

{
  shopifyqlQuery(query: "FROM orders SHOW sum(orders)") {
    __typename
    ... on TableResponse {
      tableData {
        unformattedData
        rowData
        columns {
          name
          dataType
          displayName
        }
      }
    }
    parseErrors {
      code
      message
      range {
        start {
          line
          character
        }
        end {
          line
          character
        }
      }
    }
  }
}

It doesn’t sit nice with me that I need to request access to “Level 2 access to Customer data including name, address, phone, and email fields.”, I never need access to this information.

Any other way to do this?

2

Hi @bvvliet , did you ever find other way to do this?