Skip to main content

Migrate private metafields

Warning

Private metafields were removed in GraphQL Admin API version 2024-01. While some apps retain access until version 2025-01, we recommend migrating to public metafields as soon as possible.

Before ownership and permissions were introduced for metafields, the only way developers could create metafields that were private to their app was through private metafields. However, they have the following limitations:

Anchor to App-owned metafieldsApp-owned metafields

Regular metafields are “app-owned” if the metafield’s namespace contains your app's reserved namespace. An app reserved namespace is a metafield namespace that's prefixed with your app’s API client ID. This looks like the following:

app--{your-app-id}--{some-namespace}

Instead of requiring knowledge of your API client ID in the request, your app can use the $app shorthand in front of the desired namespace to add the prefix. For example, if your app wanted to declare a metafield with the namespace client_name, you would pass in $app:client_name as the namespace when creating the metafield through the metafieldsSet mutation. As a result, when reading this metafield back, the namespace looks like the following example:

app--12345--client_name

A metafield that uses a reserved prefix will be private by default and not accessible to anyone but your app. However, you may want to specify some granularity to how accessible your metafield can be.

Anchor to Updating your GraphQL queriesUpdating your GraphQL queries

As of the 2023-01 API version, private metafields have been migrated to app-owned metafields with reserved namespaces. The following sections show you how to migrate your app to use the new metafields system.

Anchor to Querying app-owned metafieldsQuerying app-owned metafields

In API version 2023-10 and lower, you could retrieve private metafields using the following queries:

POST https://{shop}.myshopify.com/api/{api_version}/graphql.json

GraphQL queries

query privateMetafields{
privateMetafields(owner: "gid://shopify/Order/148977776", namespace: "some_namespace", first: 2) {
edges {
node {
id
key
namespace
value
}
}
}
}

query privateMetafieldsFromResource{
product(id: "gid://shopify/Product/108828309") {
title
privateMetafields(namespace: "some_namespace", first: 5) {
edges {
node {
namespace
key
value
}
}
}
}
}

query privateMetafieldFromResource{
product(id: "gid://shopify/Product/108828309") {
title
privateMetafield(namespace: "some_namespace", key: "some_key") {
namespace
key
value
}
}
}

As of the 2023-01 API version, you can use the following queries (for types implementing hasMetafields) with the $app: shorthand followed by your private metafield's namespace:

POST https://{shop}.myshopify.com/api/{api_version}/graphql.json

GraphQL queries

query metafieldsFromResource{
product(id: "gid://shopify/Product/108828309") {
title
metafields(namespace: "$app:some_namespace", first: 5) {
edges {
node {
namespace
key
value
}
}
}
}
}

query metafieldFromResource{
product(id: "gid://shopify/Product/108828309") {
title
metafield(namespace: "$app:some_namespace", key: "some_key") {
namespace
key
value
}
}
}

Both the metafield and metafields query above under product (or other resource implementing hasMetafields) will filter through your app-owned metafields matching the specified namespace: app-{your-app-id}--some_namespace for that product. The metafields query returns a paginated list of metafields whilst metafield returns a single metafield by also matching against a specified key.

As of the unstable API version, you can also use the metafields query with the $app: shorthand:

POST https://{shop}.myshopify.com/api/{api_version}/graphql.json

GraphQL query

query metafields{
metafields(owner: "gid://shopify/Order/148977776", namespace: "$app:some_namespace", first: 2) {
edges {
node {
key
namespace
value
}
}
}
}

Anchor to Creating and updating app-owned metafieldsCreating and updating app-owned metafields

In API version 2023-10 and lower, you could create or update private metafields using the following mutation:

POST https://{shop}.myshopify.com/api/{api_version}/graphql.json

GraphQL mutation

mutation privateMetafieldUpsert($input: PrivateMetafieldInput!) {
privateMetafieldUpsert(input: $input) {
privateMetafield {
id
namespace
key
value
valueType
}
userErrors {
field
message
}
}
}

Variables

{
"input": {
"key": "some_key",
"namespace": "some_namespace",
"owner": "gid://shopify/Product/1",
"valueInput": {
"value": "some_value",
"valueType": "STRING"
}
}
}

As of the 2023-01 API version, you can create or update an app-owned metafield with the metafieldsSet mutation and use the $app: shorthand followed by the desired namespace:

POST https://{shop}.myshopify.com/api/{api_version}/graphql.json

GraphQL mutation

mutation metafieldsSet($metafields: [MetafieldsSetInput!]!) {
metafieldsSet(metafields: $metafields) {
metafields {
id
namespace
key
}
userErrors {
field
message
}
}
}

Variables

{
"metafields": [
{
"key": "some_key",
"namespace": "$app:some_namespace",
"ownerId": "gid://shopify/Product/7886147092734",
"type": "single_line_text_field",
"value": "some_value"
}
]
}

The metafieldsSet mutation takes an array of MetafieldsSetInput allowing you to create or update more than one app-owned metafield.

Anchor to Deleting app-owned metafieldsDeleting app-owned metafields

In API version 2023-10 and lower, you could delete private metafields using the following mutation:

POST https://{shop}.myshopify.com/api/{api_version}/graphql.json

GraphQL mutation

mutation privateMetafieldDelete($input: PrivateMetafieldDeleteInput!) {
privateMetafieldDelete(input: $input) {
deletedPrivateMetafieldId
userErrors {
field
message
}
}
}

Variables

{
"input": {
"key": "some_key",
"namespace": "some_namespace",
"owner": "gid://shopify/Product/7886147092734"
}
}

As of the 2023-01 API version, you can use the id of your app-owned metafield to delete it using the metafieldDelete mutation:

POST https://{shop}.myshopify.com/api/{api_version}/graphql.json

GraphQL mutation

mutation metafieldDelete($input: MetafieldDeleteInput!) {
metafieldDelete(input: $input) {
deletedId
userErrors {
field
message
}
}
}

Variables

{
"input": {
"id": "gid://shopify/Metafield/9936147092734"
}
}

Anchor to Webhook subscription payloads with app-owned metafieldsWebhook subscription payloads with app-owned metafields

If you previously had webhook subscriptions that returned the associated private metafields by namespace, then you can create new ones to return your app-owned metafields.

The webhookSubscriptionCreate mutations can be used to create webhook subscriptions.

In API version 2023-10 and lower, you could use the privateMetafieldNamespaces to filter by the private metafield namespace:

POST https://{shop}.myshopify.com/api/{api_version}/graphql.json

GraphQL mutation

mutation webhookSubscriptionCreate($topic: WebhookSubscriptionTopic!, $webhookSubscription: WebhookSubscriptionInput!) {
webhookSubscriptionCreate(topic: $topic, webhookSubscription: $webhookSubscription) {
userErrors {
field
message
}
webhookSubscription {
id
topic
}
}
}

Variables

{
"topic": "PRODUCTS_UPDATE",
"webhookSubscription": {
"uri": "https://some-url.com",
"format": "JSON",
"includeFields": [
""
],
"privateMetafieldNamespaces": [
"some_namespace"
]
}
}

As of the 2023-01 API version, you can use the $app: shorthand followed by the namespace under metafieldNamespaces:

POST https://{shop}.myshopify.com/api/{api_version}/graphql.json

GraphQL mutation

mutation webhookSubscriptionCreate($topic: WebhookSubscriptionTopic!, $webhookSubscription: WebhookSubscriptionInput!) {
webhookSubscriptionCreate(topic: $topic, webhookSubscription: $webhookSubscription) {
userErrors {
field
message
}
webhookSubscription {
id
topic
}
}
}

Variables

{
"topic": "PRODUCTS_UPDATE",
"webhookSubscription": {
"uri": "https://some-url.com",
"format": "JSON",
"includeFields": [
""
],
"metafieldNamespaces": [
"$app:some_namespace"
]
}
}

Anchor to Metafield access controlsMetafield access controls

Since the 2021-10 API release, developers can define the metafields they want to use on a resource by creating a metafield definition. Metafield definitions provide developers with validation options on the data stored, the ability to reserve a namespace/key on the resource it’s defined on and metadata about the field such as name and description.

In the 2023-01 API release, metafield definitions now offer a new input field named access that allows developers to specify the granularity in which the data stored in the metafield is exposed. There are three levels of access:

Access SettingDescription
PRIVATEOnly the app that owns a metaobject of this type can read and write to it.
MERCHANT_READApps that act on behalf of the app user (such as the admin) can read metaobjects of this type.Only the owning app can write to metaobjects of this type.
MERCHANT_READ_WRITEBoth the owning app and apps that act on behalf of the appuser (such as the admin) can read or write to metaobjects of this type.No other applications can read or write metaobjects.

By default, metafields defined by apps under namespaces that they own (meaning that the namespace contains the app's reserved prefix) will be private to the app. Similar to app-data metafields, after a metafield is defined, reading and writing to it is the same as other regular metafields.

Was this page helpful?