API access scopes

Part of the authorization process requires specifying which parts of a shop's data the client would like access to. A client can ask for any of the authenticated or unauthenticated access scopes listed below.

You can check which access scopes have been granted to an app via the AccessScope resource.

Authenticated access scopes

Authenticated access scopes control access to resources in the REST Admin API and the GraphQL Admin API. Authenticated access is intended for interacting with a store on behalf of the merchant to perform actions such as creating products and managing discount codes.

Unauthenticated access scopes

Unauthenticated access scopes control access to objects in the Storefront API. Unauthenticated access is intended for interacting with a store on behalf of a customer to perform actions such as viewing products or initiating a checkout.

A storefront access token is required to make requests to the Storefront API. Any storefront access tokens created by your app automatically inherit the unauthenticated access scopes granted to it.

The following unauthenticated scopes can be requested:

  • unauthenticated_read_product_listings
    Unauthenticated access to read the Product and Collection objects.
  • unauthenticated_write_checkouts
    Unauthenticated access to the Checkout object.
  • unauthenticated_write_customers
    Unauthenticated access to the Customer object.
  • unauthenticated_read_customer_tags
    Unauthenticated access to read the tags field on the Customer object.
  • unauthenticated_read_content
    Unauthenticated access to read storefront content, such as Article, Blog, and Comment objects.
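
The following is an added example, not part of the original documentation: a least-privilege audit that compares the scopes reported by the AccessScope resource against the scopes an app needs, and lists what any storefront access token would inherit. The response shape (`access_scopes` entries with a `handle` field), the sample body, and the `REQUIRED` set are assumptions constructed for illustration.

```python
import json

# Constructed sample shaped like an AccessScope list response (assumed shape:
# {"access_scopes": [{"handle": ...}, ...]}); not captured from a real shop.
SAMPLE_RESPONSE = """
{"access_scopes": [
  {"handle": "read_products"},
  {"handle": "write_discounts"},
  {"handle": "unauthenticated_read_product_listings"},
  {"handle": "unauthenticated_write_checkouts"},
  {"handle": "unauthenticated_write_customers"}
]}
"""

# Hypothetical: the scopes this app's features actually need.
REQUIRED = {
    "read_products",
    "unauthenticated_read_product_listings",
    "unauthenticated_write_checkouts",
}

PREFIX = "unauthenticated_"  # Storefront API scopes carry this prefix


def parse_handles(body):
    """Return the set of scope handles found in an AccessScope response body."""
    scopes = json.loads(body).get("access_scopes")
    if not isinstance(scopes, list):
        raise ValueError("response has no access_scopes list")
    return {s["handle"] for s in scopes if isinstance(s, dict) and "handle" in s}


def audit(granted, required):
    """Compare granted scopes with the required set, split by API surface."""
    storefront = {h for h in granted if h.startswith(PREFIX)}
    excess = granted - required
    return {
        "missing": sorted(required - granted),
        "excess_admin": sorted(excess - storefront),
        "excess_storefront": sorted(excess & storefront),
        # Every storefront access token the app creates inherits these.
        "storefront_token_inherits": sorted(storefront),
    }


if __name__ == "__main__":
    report = audit(parse_handles(SAMPLE_RESPONSE), REQUIRED)
    for key, handles in report.items():
        print(f"{key}: {', '.join(handles) or '-'}")
```

Anything listed under `excess_storefront` is exposed through every storefront access token the app issues, so those scopes are the first candidates to drop from the authorization request.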
