[ACTION REQUIRED] Apps require Shopify approval to read orders older than 60 days This post is outdated
Shopify is introducing an important change to our Orders API, to help preserve the trust that merchants have when using third-party apps.
As of today (June 6th, 2018), public apps will no longer be able to access a merchant’s orders older than 60 days with the current read_orders or write_orders access scopes.
Going forward, apps that require access to all of a merchant’s orders will first need to be approved by Shopify. Once Shopify approves the request, apps can begin requesting the new read_all_orders scope during OAuth.
How to request access to read_all_orders
Partners can request approval to read orders older than 60 days via the partners dashboard.
Once approved by a Shopify admin, and you have been notified that your app was granted access, you must then request the new read_all_orders access scope during OAuth. Note that you must use the new read_all_orders scope in conjunction with one of read_orders or write_orders scope.
These changes to the Order API will help assure merchants that their data is safe with your app and with Shopify. By being mindful of what data apps need to access, and making sure merchants are fully aware of what scopes are being granted to their apps, we’ll build a strong and trusting app ecosystem.
To learn more about the read all orders change, check out our blog post here.
If you have any questions or concerns, don’t hesitate to reach out to email@example.com or comment in the thread below.
Edit: 10:15am EDT
A large majority of pre-approved apps viewing orders older than 60 days have been migrated to have the new permission automatically. If your app is one of them you will receive an email from the Shopify Apps Team today.
Edit: 10:40am EDT
Private apps are not affected by this change and automatically will have the scope.
The majoriy of apps that were previously accessing orders older than 60 days have been grandfathered into the new permission. You will still need to add the new scope to your OAuth flow. There will be an email sending out shortly to your registered e-mail if your app is included in this list. You can also check this in the App Setup section of the Partners Dashboard, you'll either see a section to request all orders access or a a status message that says "Your app can access the full order history for a store."
Edit: 1:40pm EDT
Hey All, just want to clear up some confusion as we're seeing the same question a few times.
A) Private apps
- No action required, have been granted the ability to view orders older than 60 days by default
B) Public App that has been approved to view orders older than 60 days (grandfathered)
- No need to request the ability to see orders older than 60 days from Shopify
- Have to add `read_all_orders` to their OAuth request in conjunction with either `read_orders` or `write_orders` before July 9th, 2018
- After July 9th, 2018, will not be able to see orders older than 60 days on a per shop basis unless they have been approved by the merchant with `read_all_orders`
C) Public App that has not been approved
- Can not add `read_all_orders` to their OAuth request without prior Shopify approval
- Can not view orders older than 60 days as of today June 6th, 2018
- If approved now has the same requirements as B)