Hoping to get a response from someone in the Shopify staff.
I’ve been working on an app that allows store customers (with or without account) to generate personal products. The problem I’m having now is that I don’t want anyone else to be able to see these products.
This has been asked a lot, an often Shopify staff will point devs asking about this to one of these password-protect apps, but this does not really work as EVERY Shopify store has multiple endpoints that allow you to request a list of ALL products (like products.json)
You might not be able to order a product, but you can still see all if its information, like variants and images. I’ve seen multiple stores that use apps promoted by Shopify staff that allow for the generation of custom products, that leak personal information this way. Everything from phone cases with names, to throw pillows with kids’ faces on them, to wedding invites with loads of personal information.
There are some ways to get around this, by creating an intricate system of products and linked metaobjects (which can be private) and loads of custom code. But it would be so, SO much easier if there simply was an option to mark a product as private, meaning it should work exactly the same as any other product, but only be accessible via a direct URL or API calls, and NOT appear in any of these general endpoints.
Is there a specific reason why this option does not exist?