API access scopes
Part of the authorization process requires specifying which parts of a shop's data the client would like access to. A client can ask for any of the authenticated or unauthenticated access scopes listed below.
You can check your granted access scopes for an app via the AccessScope resource.
Authenticated access scopes
Authenticated access scopes control access to resources in the REST Admin API and the GraphQL Admin API. Authenticated access is intended for interacting with a store on behalf of the merchant to perform actions such as creating products and managing discount codes.
Access to Article, Blog, Comment, Page, and Redirect.
Access to Asset and Theme.
Access to Product, Product Variant, Product Image, Collect, Custom Collection, and Smart Collection.
Access to Product Listing, and Collection Listing.
Access to Customer and Saved Search.
Access to Order, Transaction and Fulfillment.
Grants access to all orders rather than the default window of 60 days worth of orders. This OAuth scope is used in conjunction with
write_orders. You need to request this scope from your Partner Dashboard before adding it to your app.
Access to Draft Order.
Access to Inventory Level and Inventory Item.
Access to Location.
Access to Script Tag.
Access to Fulfillment Service.
Access to Carrier Service, Country and Province.
Access to Analytics API.
Access to User SHOPIFY PLUS.
Access to Checkouts.
Access to Reports.
Access to Price Rules.
Access to Marketing Event.
Access to ResourceFeedback.
Access to the Shopify Payments Payout, Balance, and Transaction resources.
Access to the Shopify Payments Dispute resource.
Unauthenticated access scopes
Unauthenticated access scopes control access to objects in the Storefront API. Unauthenticated access is intended for interacting with a store on behalf of a customer to perform actions such as viewing products or initiating a checkout.
A storefront access token is required to make requests to the Storefront API. Any storefront access tokens created by your app automatically inherit the unauthenticated access scopes granted to it.
The following unauthenticated scopes can be requested:
Unauthenticated access to read the Product and Collection objects.
Unauthenticated access to the Checkout object.
Unauthenticated access to the Customer object.
Unauthenticated access to read the
tagsfield on the Customer object.
Unauthenticated access to read storefront content, such as Article, Blog, and Comment objects.