d
Topic
Ryan O Shopify Employee
Posts:
233
Last edited 10 months ago

[New Launch] Access Scope API This post is outdated

Today, we're launching the new Access Scope API which allows you to query a merchant's shop for the list of permissions associated to your app.

GET /admin/oauth/access_scopes.json

{
  "access_scopes": [
    {
      "handle": "read_products"
    },
    {
      "handle": "write_orders"
    }
  ]
}

Using this functionality you can easily manage scopes across your various user's shops.

Access scopes include permissions, such as read_orders and write_products, that allow apps to access data from a shop. The list of access scopes retrieved is based on the access token used for the request, and it contains only those access scopes that are granted to the token. For example, the list may contain all access scopes, or it may contain a subset if the access token has limited permissions.  You can find the related documentation here.

As always, if you have any questions, feel free to reach out in the thread below.

i
Replies
Posts:
3851
10 months ago

So we install an App with scopes, and now we can query if the scopes we set match? Just in case we forgot what scopes we used. Wowza. 

Just as an aside, since you're tinkering with Scopes and Apps, would be nice if you could make so that we could adjust scopes on the fly, and have merchants approve the scope changes, all without us having to have the merchant uninstall/reinstall. Now that would be something!

Custom Shopify Apps built just for you! hunkybill@gmail.com http://www.resistorsoftware.com
Jamie D. Developer Experience
Posts:
533
10 months ago

Just in case we forgot what scopes we used. Wowza. 

Can't tell if sarcastic or not... 😅

and have merchants approve the scope changes, all without us having to have the merchant uninstall/reinstall.

This is actually totally possible and this change was mostly introduced in order to better handle this exact scenario. Once your app has been installed already, you can redirect the merchant back to the OAuth grant screen (/admin/oauth/authorize?[...]) with a new set of scopes, and Shopify will prompt the merchant to update the permission set. Making the access scopes programatically accessible improves this process as you can query the API to determine which scopes have been granted in order to conditionally redirect to the grant screen.

Cheers!

Jamie D. Developer Experience
Posts:
533
Last edited 9 months ago

Come to think of it, that's something that probably deserves to be documented much more clearly. Thanks for the inspiration!