Shopify notified app developers that the write_app_proxy scope will be required starting November for apps using app proxies. The original poster’s app displays dynamic content via app proxy without editing store data, raising confusion about whether the scope is necessary.
Initial confusion:
Documentation stated the scope is for “editing page content,” which sounded more invasive than simply displaying content
The permission request message shown to merchants appeared concerning, suggesting the app would modify store data
Community responses:
One user suggested the scope is only needed if the app edits something, citing Shopify docs
However, this contradicted the notification requiring it for all app proxy usage
Multiple developers shared concerns about requesting new permissions from existing merchants, fearing it would appear suspicious
Resolution:
Shopify updated their documentation in August to clarify: the scope is required for all apps using app proxies, not just those editing content. The updated docs explicitly state apps displaying dynamic data through proxies need this scope.
Status: Resolved through documentation update, though concerns remain about how the permission request appears to merchants.
Summarized with AI on October 25.
AI used: claude-sonnet-4-5-20250929.
We provide an app that displays dynamic content on a store. The content is fetched from our server via an app proxy. We do not edit anything about the store, but we fetch the products. The documentation says this about that scope:
This sounds concerning. Like we now want to edit their store data! (Ignore the yellow part, that’s because its an unpublished development app where I test things.)
So do I actually need that scope?
(Is this the correct place to ask this? If not, what is?)
Are you employed by Shopify? If not, where do you have your information from? I just want to be sure that the app doesn’t just stop working come November. Thank you!
Additionally I was thinking perhaps for installed shops this can be done by API so we won’t need to suddenly ask them for permission and they might think we changed something in the app.
No, I was hoping I will get an answer here before November.
I tested it on a development version of our app. Just added the new scope and deployed the theme extension. The next time I opened the app admin page of a store with that app installed I got the message that I posted above.
Someone on Mastodon said, that they’re a store admin, not a app dev, and as such they are just trained to click yes to everything. I.e. they think it won’t be too bad. But still, I only want to request the scopes that we really need.
Yeah I mean I’m more curios if the app will work without asking for the new scope.
I assume it won’t, and to be honest I do understand how Shopify see that if the app adds any content on the storefront (that’s what the proxy is for) then they consider it “editing the storefront” and I’m OK with it (although the text is a bit alarming, it makes it sounds like we’re changing the content of their store which we’re not and proxy doesn’t even allow it).
My biggest issue is the fact you have to ask this new permission also from CURRENT stores as this will look to them like we’ve changed something and that from now on we’re starting to change their storefronts… which of course we don’t.
I’ve just tested it, and the text customers see is still the same, unfortunately. I wish the scope could be listed in “optional_scopes” rather than the required “scopes”, but that doesn’t seem to be the case, according to the example. Most of my app’s customers don’t even use the feature, but all of them will soon see how the app could potentially destroy their online store (at least, based on the text in the data access popup).
