What are App Permissions & Scopes?
What are they?
When you install a new Shopify app, it will show you a screen listing all the 'permissions' it requires to function. These permissions, also called 'scopes,' define exactly what parts of your store's data the app can access and modify. For example, an app might request permission to 'Read products,' 'Modify orders,' or 'Read customer data.'
Why is it important?
This is a critical security checkpoint. By granting these permissions, you are giving a third-party developer access to your sensitive business and customer data. Understanding what an app is asking for helps you determine if it's trustworthy and necessary for the app to do its job.
Example of Permissions:
- A product review app will reasonably need permission to read products (to link reviews to them) and modify theme templates (to display the review widget). It should NOT need permission to read your financial reports.
- An email marketing app will need permission to read customer data (to get their email addresses). It should NOT need permission to modify shipping zones.
The Golden Rule of Permissions
Always apply the 'Principle of Least Privilege.' Does the app *really* need all the permissions it's asking for? If an app's function is to add a simple visual effect to your storefront, but it's asking for full access to read and modify all your orders and customers, that's a major red flag. Question why it needs that level of access. A trustworthy app will only ask for the minimum permissions required to perform its function.
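The least-privilege check described above can be automated before you click "Install". The following is an added example, not part of the original lesson or any Shopify tooling: it reads the `scope` parameter from an app's install link and reports anything beyond what that kind of app should need. The baseline sets, the sensitive-resource shortlist and the sample URL are constructed assumptions.

```python
from urllib.parse import urlparse, parse_qs

# Constructed baselines following the lesson's two examples; tune to taste.
BASELINE = {
    "product_reviews": {"read_products", "write_themes"},
    "email_marketing": {"read_customers"},
}

# Assumed shortlist of resources holding customer, order or financial data.
SENSITIVE_RESOURCES = {"customers", "orders", "reports"}

# Constructed sample install link (placeholder store, client_id and callback).
SAMPLE_URL = (
    "https://example-store.myshopify.com/admin/oauth/authorize"
    "?client_id=PLACEHOLDER"
    "&scope=read_products,write_themes,read_orders,write_customers"
    "&redirect_uri=https://app.example/callback"
)


def expand(scopes):
    """Assumption: write_x also grants read_x, so add the implied read scope."""
    implied = {"read_" + s[len("write_"):] for s in scopes if s.startswith("write_")}
    return set(scopes) | implied


def requested_scopes(install_url):
    """Extract the comma-separated `scope` parameter from an install URL."""
    raw = parse_qs(urlparse(install_url).query).get("scope", [""])[0]
    return {s.strip().lower() for s in raw.split(",") if s.strip()}


def audit(install_url, category):
    """Return (excess, high_risk): scopes beyond the category baseline, and
    the subset of those that touch a sensitive resource."""
    allowed = expand(BASELINE[category])
    excess = expand(requested_scopes(install_url)) - allowed
    high_risk = {s for s in excess if s.partition("_")[2] in SENSITIVE_RESOURCES}
    return sorted(excess), sorted(high_risk)


if __name__ == "__main__":
    excess, high_risk = audit(SAMPLE_URL, "product_reviews")
    print("Beyond baseline:", excess)
    print("Touches sensitive data:", high_risk)
```

An empty `excess` list means the request matches the baseline; any entry in `high_risk` is the kind of red flag worth raising with the developer before installing.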