You do not have permission to create webhooks with orders\/create topic

Shopify Apps

Topic summary

Main issue: Developers cannot register the orders/create webhook due to a permission error stating the topic contains protected customer data (PII). The error links to a Shopify Partners “customer data” request form.

Key points:

  • orders/create is gated; access requires submitting the customer data protection form and receiving approval, even for development stores. Password-protecting a dev store or owning both app and store does not bypass this.
  • API versions matter: 2022-10+ enforces the gating; using 2022-07 can avoid the gate for testing, but apps must use 2022-10 or later to pass review.
  • Unclear if lacking TOS/Privacy Policy blocks approval at the development stage; not answered.

Updates and open questions:

  • One developer reports still getting the error on 2022-10 after submitting the form; no resolution provided.
  • Another asks what the current process is for development access given changes since 2022; unanswered.

Outcome: No confirmed fix in-thread. Action items are to complete the customer data access request, await approval, ensure a supported API version for review, and expect that development also requires this access. Discussion remains open.

Summarized with AI on December 11. AI used: gpt-5.
1

Hey,

I am in a strange situation. I am developing Shopify App (Laravel backend) (which is installed on my test store).

I want to register “order/create” webhook, but I keep getting this error:

REST request failed: \"You do not have permission to create webhooks with orders\/create topic. This topic contains protected customer data. See https:\/\/partners.shopify.com\/2491170\/apps\/24686460929\/customer_data for more details.

I have the scopes defined in:

shopify.app.toml

Screenshot 2023-01-26 at 06.47.42.png
Screenshot 2023-01-26 at 06.47.42.png1204×400 19.1 KB

Does anyone have an idea why this error keeps showing up? :slightly_smiling_face:

Best regards, Jan

2

The error message tells you what url you need to go too and submit a data protection form if you want to use orders webhooks.

Try reading your error message again.

~Polaris App Guy

3

Hey,

Thank you for your answer. I understand the error message (and already submitted the request for access) but it doesn’t make any sense to me.
Am I even gonna be able to pass the review since the App is still in development (meaning - it has no TOS, privacy policy, etc)?

The fact that doesn’t make sense to: Why is this special access required in my case - trying to run webhooks on my development testing store which is protected with password (created on the same account as App).

Jan

4

You should be concerned if it doesn’t make sense to you because you are working with privileged data and you will have access to personal identifiable information from many customers.

All you need to do is go into the form and say “yes” to everything and this includes for development. You can get around this by using a lesser version of the API like ‘2022-07’ where the form is not needed.

However, if you use ‘2022-07’ then your app won’t pass a review because all new apps need to use api version ‘2022-10’ or above.

~Polaris App Guy

2 Likes
5

Hello i am also getting the same error i am using 2022-10 API version and i have filled that form as well but still i am getting same error even in development store do you have any idea?

6

hey, jumping on this one, as things change bit from 2022, do you know what we need to do now in order to get this access for development? I filled the required what we need, still haven’t sent the app for review as we wanna test development first before we do so.