When merchants have large sales volumes, they also have large volumes of data on all their customers who have made orders.
So when merchants add new apps to their stores, it’s important for them to know that this data is protected and not being accessed unnecessarily.
To help increase merchant trust in apps, we’re introducing updates to the scopes within the Order API.
You might also like: Platform Updates That Will Help you Extend Your Offering and Build Faster.
Added protections for order data
One area we pay special attention to is data surrounding a merchant’s orders. There are many apps that require access to orders, but when a merchant installs one of these apps, they are implicitly giving out the entire order history of their shop. In some cases, this could be upwards of ten years of customer activity.
For certain apps, such as those that build year-over-year earnings reports, this level of access is necessary. However, for many of the apps that work with orders, access to this much data may be unnecessary. With GDPR now in effect, it’s especially important to avoid accessing data that your app doesn’t have a real need for.
To help you access only what you need—and for merchants to feel more secure about how apps access their data—we’re introducing a new access scope called read_all_orders
.
Update: Learn how the release of order editing impacts app developers.
Requesting the scope to read all order data
Going forward, apps that require access to all of a merchant’s orders will first need to be approved by Shopify. Once we approve the request, the read_all_orders
scope can be added to an app, just like the read_orders
scope. Both scopes must be used together to access all orders (read_all_orders
plus one of read_orders
or write_orders
).
Because we don’t want to interfere with apps that don’t require all of a shop’s orders, any apps that have the standard read_orders
or write_orders
scope will have access to the last 60 days of a shop’s orders, and do not require any associated approval from Shopify—simply from the merchant during the standard app installation flow. These apps will have no issue using the Order API or webhooks—they will simply have a window of 60 days worth of orders.
Apps that require the escalated access to all orders can request Shopify’s approval through the Shopify Partners Dashboard.
You will be prompted to explain the reason why your app needs this scope, as we would like to prevent apps from accessing data unnecessarily.
You might also like: How to Generate a Shopify Access Token.
Informing merchants of the data your app is requesting
Over the years, we’ve added more fine-grained control to allow apps to request access to different resources on a merchant’s shop. The current app installation page summarizes these access scopes in a readable way for merchants.
A merchant is presented this screen each time an app is being installed, but they may not be crystal clear on which scopes are being granted.
To solve this problem, we’ve modified the app installation page to highlight any sensitive scopes being requested by the app. Merchants will now see a yellow notification when installing an app that has access to all orders.
When merchants trust apps, our app ecosystem thrives
These changes to the Order API will help assure merchants that their data is safe with your app and with Shopify. By being mindful of what data apps need to access, and making sure merchants are fully aware of what scopes are being granted to their apps, we’ll build a strong and trusting app ecosystem.
Read more
Questions about changes to the Order API? Ask them in the comments below!