Access scopes for the REST Admin API
The REST Admin API is a legacy API as of October 1, 2024. All apps and integrations should be built with the GraphQL Admin API. For details and migration steps, visit our migration guide.
All apps need to request access to specific store data during the app authorization process. This guide provides a list of available access scopes for the REST Admin API.
Anchor to How it worksHow it works
For more information on how to configure your access scopes, refer to app configuration.
Authorization is the process of giving permissions to apps. Users can authorize Shopify apps to access data in a store. For example, an app might be authorized to access customer data in a store.
For the REST Admin API, an app can request authenticated access scopes. Authenticated access is intended for interacting with a store on behalf of a user. For example, creating products and managing discount codes.
Shopify has additional access scope types for working with GraphQL APIs. Learn more.
Anchor to Authenticated access scopesAuthenticated access scopes
Your app can request the following authenticated access scopes:
| Scope | Access |
|---|---|
read_assigned_fulfillment_orders,
| FulfillmentOrder resources assigned to a location managed by your fulfillment service |
read_checkouts,
| Checkouts |
read_content,
| Article, Blog, Comment, Page, and Redirects |
read_customers,
| Customer |
read_draft_orders,
| Draft Order |
read_fulfillments,
| Fulfillment Service |
read_gift_cards,
| Gift Card |
read_inventory,
| Inventory Level and Inventory Item |
read_locations | Location |
read_marketing_events,
| Marketing Event |
read_merchant_managed_fulfillment_orders,
| FulfillmentOrder resources assigned to merchant-managed locations |
read_orders,
| Abandoned checkouts, Customer, Fulfillment, Order, and Transaction resources |
read_price_rules,
| Price Rules |
read_products,
| Product, Product Variant, Product Image, Collect, Custom Collection, and Smart Collection |
read_product_listings | Product Listing and Collection Listing |
read_reports,
| Reports |
read_resource_feedbacks,
| ResourceFeedback |
read_script_tags,
| Script Tag |
read_shipping,
| Carrier Service, Country, and Province |
read_shopify_payments_disputes | Shopify Payments Dispute resource |
read_shopify_payments_dispute_evidences | Shopify Payments Dispute Evidence resource |
read_shopify_payments_payouts | Shopify Payments Payouts, Balance, and Transaction resources |
read_themes,
| Asset and Theme |
read_third_party_fulfillment_orders,
| FulfillmentOrder resources assigned to a location managed by any fulfillment service As of API version 2024-10, fulfillment orders that are assigned to a fulfillment service can only be fulfilled by the fulfillment service app that manages the location they are assigned to. |
read_users | Usershopify plus |
Anchor to Checking granted access scopesChecking granted access scopes
You can check your app’s granted access scopes. The following is an example request:
GET https://{store_name}.myshopify.com/admin/oauth/access_scopes.json{
"access_scopes": [
{
"handle": "read_products"
},
{
"handle": "write_orders"
},
{
"handle": "read_orders"
}
]
}Anchor to Limitations and considerationsLimitations and considerations
- Apps should request only the minimum amount of data that's necessary for an app to function when using a Shopify API. Shopify restricts access to scopes for apps that don't require legitimate use of the associated data.
- Only public or custom apps are granted access scopes. Legacy app types, such as private or unpublished, won't be granted new access scopes.