All apps need to request access to specific store data during the app authorization process. This guide provides a list of available access scopes for the GraphQL Admin, Storefront, Payments Apps, and Customer Account APIs.

## How it works

> Tip:
> For more information on how to configure your access scopes, refer to [app configuration](/docs/apps/build/cli-for-apps/app-configuration) and [manage access scopes](/docs/apps/build/authentication-authorization/app-installation/manage-access-scopes).

After you've [generated API credentials](/docs/apps/build/authentication-authorization/client-secrets), your app needs to [be authorized to access store data](/docs/apps/build/authentication-authorization#authorization).

Authorization is the process of giving permissions to apps. Users can authorize Shopify apps to access data in a store. For example, an app might be authorized to access orders and product data in a store.

An app can request authenticated, unauthenticated, or customer access scopes.

| Type of access scopes | Description | Example use cases |
|---|---|---|
| [Authenticated](#authenticated-access-scopes) | Controls access to resources in the [GraphQL Admin API](/docs/api/admin-graphql), [Web Pixel API](/docs/api/web-pixels-api), and [Payments Apps API](/docs/api/payments-apps). <br></br>Authenticated access is intended for interacting with a store on behalf of a user. | <ul><li>Creating products</li><li>Managing discount codes</li></ul> |
| [Unauthenticated](#unauthenticated-access-scopes) | Controls an app's access to [Storefront API](/docs/api/storefront) objects. <br></br> Unauthenticated access is intended for interacting with a store on behalf of a customer. | <ul><li>Viewing products</li><li>Initiating a checkout</li></ul> |
| [Customer](#customer-access-scopes) | Controls an app's access to [Customer Account API](/docs/api/customer) objects. <br></br> Customer access is intended for interacting with data that belongs to a customer. | <ul><li>Viewing orders</li><li>Updating customer details</li></ul> |

## Authenticated access scopes

This section describes the authenticated access scopes that your app can request. In the table, access to some resources is marked with **permissions required**. In these cases, you must [request specific permission](#requesting-specific-permissions) to access data from the user in your Partner Dashboard.

> Info:
> To authenticate an admin-created custom app, you or the app user needs to install the app from the Shopify admin to generate API credentials and the necessary API access tokens. Refer to [access scopes for admin-created custom apps](/docs/apps/build/authentication-authorization/access-tokens/generate-app-access-tokens-admin#permissions-required-to-assign-scopes-to-a-custom-app).

<table> <caption>Authenticated access scopes</caption> <tr> <th scope="col">Scope</th> <th scope="col">Access</th> </tr> <tr> <td><code>read_all_orders</code></td> <td><p>All relevant <a href="/docs/api/admin-graphql/latest/objects/Order">orders</a> rather than the default window of orders created within the last 60 days<span class="heading-flag heading-flag--restricted">Permissions required</span></p> <p>This access scope is used in conjunction with existing order scopes, for example <code>read_orders</code> or <code>write_orders</code>.</p> <p>You need to <a href="#orders-permissions">request permission for this access scope</a> from your Partner Dashboard before adding it to your app.</p></td> </tr> <tr> <td> <p><code>read_assigned_fulfillment_orders</code>,</p> <p><code>write_assigned_fulfillment_orders</code>,</p> <p><code>read_merchant_managed_fulfillment_orders</code>,</p> <p><code>write_merchant_managed_fulfillment_orders</code>,</p> <p><code>read_third_party_fulfillment_orders</code>,</p> <p><code>write_third_party_fulfillment_orders</code>,</p> <p><code>read_marketplace_fulfillment_orders</code></p> </td> <td> <p><code><a
href="/docs/api/admin-graphql/latest/objects/FulfillmentOrder">FulfillmentOrder</a></code></p> <p>As of API version 2024-10, <code>write_third_party_fulfillment_orders</code> will no longer allow <a href="/docs/apps/build/orders-fulfillment/order-management-apps">order management apps</a> to create fulfillments for fulfillment orders that have been assigned to a different fulfillment service app.</p> </td> </tr> <tr> <td> <p><code>read_cart_transforms</code>,</p> <p><code>write_cart_transforms</code></p> </td> <td><code><a href="/docs/api/admin-graphql/unstable/objects/CartTransform">CartTransform</a></code></td> </tr> <tr> <td> <p><code>read_checkout_branding_settings</code>,</p> <p><code>write_checkout_branding_settings</code></p> </td> <td><code><a href="/docs/api/admin-graphql/latest/objects/CheckoutBranding">CheckoutBranding</a></code></td> </tr> <tr> <td> <p><code>read_content</code>,</p> <p><code>write_content</code>,</p> <p><code>read_online_store_pages</code></p> </td> <td><code><a href="/docs/api/admin-graphql/unstable/objects/Article">Article</a></code>, <code><a href="/docs/api/admin-graphql/unstable/objects/Blog">Blog</a></code>, <code><a href="/docs/api/admin-graphql/unstable/objects/Comment">Comment</a></code>, <code><a href="/docs/api/admin-graphql/unstable/objects/Page">Page</a></code></td> </tr> <tr> <td> <p><code>read_customer_events</code>,</p> <p><code>write_pixels</code></p> </td> <td><a href="/docs/api/web-pixels-api">Web Pixels API</a></td> </tr> <tr> <td> <p><code>read_customer_merge</code>,</p> <p><code>write_customer_merge</code></p> </td> <td><code><a href="/docs/api/admin-graphql/latest/objects/CustomerMergePreview">CustomerMergePreview</a></code>, <code><a href="/docs/api/admin-graphql/latest/objects/CustomerMergeRequest">CustomerMergeRequest</a></code></td> </tr> <tr> <td> <p><code>read_customer_payment_methods</code></p> </td> <td><p><code><a 
href="/docs/api/admin-graphql/latest/objects/customerpaymentmethod">CustomerPaymentMethod</a></code><span class="heading-flag heading-flag--restricted">Permissions required</span></p><p>You need to <a href="#subscription-apis-permissions">request permission for this access scope</a> from your Partner Dashboard before adding it to your app.</p></td> </tr> <tr> <td> <p><code>read_customers</code>,</p> <p><code>write_customers</code></p> </td> <td><code><a href="/docs/api/admin-graphql/latest/objects/customer">Customer</a></code>, <code><a href="/docs/api/admin-graphql/latest/objects/Segment">Segment</a></code></td> </tr> <tr> <td> <p><code>read_delivery_customizations</code>,</p> <p><code>write_delivery_customizations</code></p> </td> <td><code><a href="/docs/api/admin-graphql/latest/objects/DeliveryCustomization">DeliveryCustomization</a></code></td> </tr> <tr> <td> <p><code>read_discounts</code>,</p> <p><code>write_discounts</code></p> </td> <td><a href="/docs/apps/build/discounts">Discounts features</a></td> </tr> <tr> <td> <p><code>read_draft_orders</code>,</p> <p><code>write_draft_orders</code></p> </td> <td><code><a href="/docs/api/admin-graphql/latest/objects/draftorder">DraftOrder</a></code></td> </tr> <tr> <td> <p><code>read_files</code>,</p> <p><code>write_files</code></p> </td> <td><code><a href="/docs/api/admin-graphql/latest/objects/genericfile">GenericFile</a></code></td> </tr> <tr> <td> <p><code>read_fulfillments</code>,</p> <p><code>write_fulfillments</code></p> </td> <td><code><a href="/docs/api/admin-graphql/latest/objects/FulfillmentService">FulfillmentService</a></code></td> </tr> <tr> <td> <p><code>read_gift_cards</code>,</p> <p><code>write_gift_cards</code></p> </td> <td><code><a href="/docs/api/admin-graphql/latest/objects/GiftCard">GiftCard</a></code></td> </tr> <tr> <td> <p><code>read_inventory</code>,</p> <p><code>write_inventory</code></p> </td> <td><code><a
href="/docs/api/admin-graphql/latest/objects/InventoryLevel">InventoryLevel</a></code>, <code><a href="/docs/api/admin-graphql/latest/objects/InventoryItem">InventoryItem</a></code></td> </tr> <tr> <td> <p><code>read_legal_policies</code></p> </td> <td><code><a href="/docs/api/admin-graphql/latest/objects/shoppolicy">ShopPolicy</a></code></td> </tr> <tr> <td> <p><code>read_locales</code>,</p> <p><code>write_locales</code></p> </td> <td><code><a href="/docs/api/admin-graphql/latest/objects/shoplocale">ShopLocale</a></code></td> </tr> <tr> <td> <p><code>read_locations</code>,</p> <p><code>write_locations</code></p> </td> <td><code><a href="/docs/api/admin-graphql/latest/objects/location">Location</a></code></td> </tr> <tr> <td> <p><code>read_markets</code>,</p> <p><code>write_markets</code></p> </td> <td><code><a href="/docs/api/admin-graphql/latest/objects/market">Market</a></code></td> </tr> <tr> <td> <p><code>read_marketing_events</code>,</p> <p><code>write_marketing_events</code></p> </td> <td><code><a href="/docs/api/admin-graphql/latest/objects/marketingevent">MarketingEvent</a></code>, <code><a href="/docs/api/admin-graphql/latest/objects/MarketingActivity">MarketingActivity</a></code></td> </tr> <tr> <td><code>read_merchant_approval_signals</code></td> <td><code><a href="/docs/api/admin-graphql/latest/objects/merchantapprovalsignals">MerchantApprovalSignals</a></code></td> </tr> <tr> <td> <p><code>read_metaobject_definitions</code>,</p> <p><code>write_metaobject_definitions</code></p> </td> <td><code><a href="/docs/api/admin-graphql/latest/objects/metaobjectdefinition">MetaobjectDefinition</a></code></td> </tr> <tr> <td> <p><code>read_metaobjects</code>,</p> <p><code>write_metaobjects</code></p> </td> <td><code><a href="/docs/api/admin-graphql/latest/objects/metaobject">Metaobject</a></code></td> </tr> <tr> <td> <p><code>read_online_store_navigation</code></p> <p><code>write_online_store_navigation</code></p> </td> <td><code><a 
href="/docs/api/admin-graphql/latest/objects/UrlRedirect">UrlRedirect</a></code></td> </tr> <tr> <td> <p><code>read_order_edits</code>,</p> <p><code>write_order_edits</code></p> </td> <td> <code><a href="/docs/api/admin-graphql/latest/objects/CalculatedOrder">CalculatedOrder</a></code>, <code><a href="/docs/api/admin-graphql/latest/objects/DeliveryCarrierService">DeliveryCarrierService</a></code> </td> </tr> <tr> <td> <p><code>read_orders</code>,</p> <p><code>write_orders</code></p> </td> <td><code><a href="/docs/api/admin-graphql/latest/objects/AbandonedCheckout">AbandonedCheckout</a></code>, <code><a href="/docs/api/admin-graphql/latest/objects/Fulfillment">Fulfillment</a></code>, <code><a href="/docs/api/admin-graphql/latest/objects/Order">Order</a></code>, <code><a href="/docs/api/admin-graphql/latest/objects/OrderTransaction">OrderTransaction</a></code>, <code><a href="/docs/api/admin-graphql/latest/objects/DeliveryCarrierService">DeliveryCarrierService</a></code></td> </tr> <tr> <td> <p><code>read_own_subscription_contracts</code>,</p> <p><code>write_own_subscription_contracts</code></p> </td> <td><p>GraphQL Admin API <code><a href="/docs/api/admin-graphql/latest/objects/SubscriptionContract">SubscriptionContract</a></code><span class="heading-flag heading-flag--restricted">Permissions required</span><br></br>Customer Account API <code><a href="/docs/api/customer/latest/objects/SubscriptionContract">SubscriptionContract</a></code><span class="heading-flag heading-flag--restricted">Permissions required</span></p><p>You need to <a href="#subscription-apis-permissions">request permission for these access scopes</a> from your Partner Dashboard before adding them to your app.</p></td> </tr> <tr> <td> <p><code>read_payment_customizations</code>,</p> <p><code>write_payment_customizations</code></p> </td> <td><code><a href="/docs/api/admin-graphql/latest/objects/PaymentCustomization">PaymentCustomization</a></code></td> </tr> <tr> <td>
<p><code>read_payment_gateways</code>,</p> <p><code>write_payment_gateways</code></p> </td> <td>Payments Apps API <code><a href="/docs/api/payments-apps/latest/objects/PaymentsAppConfiguration">PaymentsAppConfiguration</a></code></td> </tr> <tr> <td> <p><code>read_payment_mandate</code>,</p> <p><code>write_payment_mandate</code></p> </td> <td><code><a href="/docs/api/admin-graphql/latest/objects/PaymentMandate">PaymentMandate</a></code></td> </tr> <tr> <td><code>write_payment_sessions</code></td> <td>Payments Apps API <code><a href="/docs/api/payments-apps/latest/objects/PaymentSession">PaymentSession</a></code>, <code><a href="/docs/api/payments-apps/latest/objects/CaptureSession">CaptureSession</a></code>, <code><a href="/docs/api/payments-apps/latest/objects/RefundSession">RefundSession</a></code>, <code><a href="/docs/api/payments-apps/latest/objects/VoidSession">VoidSession</a></code></td> </tr> <tr> <td> <p><code>read_payment_terms</code>,</p> <p><code>write_payment_terms</code></p> </td> <td><code><a href="/docs/api/admin-graphql/latest/objects/paymentschedule">PaymentSchedule</a></code>, <code><a href="/docs/api/admin-graphql/latest/objects/paymentterms">PaymentTerms</a></code></td> </tr> <tr> <td> <p><code>read_price_rules</code>,</p> <p><code>write_price_rules</code></p> </td> <td><code><a href="/docs/api/admin-graphql/latest/objects/PriceRule">PriceRule</a></code></td> </tr> <tr> <td> <p><code>write_privacy_settings</code>,</p> <p><code>read_privacy_settings</code></p> </td> <td><code><a href="/docs/api/admin-graphql/unstable/objects/CookieBanner">CookieBanner</a></code>, <code><a href="/docs/api/admin-graphql/unstable/objects/PrivacySettings">PrivacySettings</a></code></td> </tr> <tr> <td> <p><code>read_products</code>,</p> <p><code>write_products</code></p> </td> <td><code><a href="/docs/api/admin-graphql/latest/objects/Product">Product</a></code>, <code><a href="/docs/api/admin-graphql/latest/objects/ProductVariant">ProductVariant</a></code>, <code><a 
href="/docs/api/admin-graphql/latest/objects/Collection">Collection</a></code>, <code><a href="/docs/api/admin-graphql/latest/objects/ResourceFeedback">ResourceFeedback</a></code></td> </tr> <tr> <td> <p><code>read_purchase_options</code>,</p> <p><code>write_purchase_options</code></p> </td> <td><code><a href="/docs/api/admin-graphql/latest/objects/SellingPlan">SellingPlan</a></code></td> </tr> <tr> <td> <p><code>read_returns</code>,</p> <p><code>write_returns</code></p> </td> <td><code><a href="/docs/api/admin-graphql/latest/objects/Return">Return</a></code></td> </tr> <tr> <td> <p><code>read_script_tags</code>,</p> <p><code>write_script_tags</code></p> </td> <td><code><a href="/docs/api/admin-graphql/latest/objects/ScriptTag">ScriptTag</a></code></td> </tr> <tr> <td> <p><code>read_shipping</code>,</p> <p><code>write_shipping</code></p> </td> <td><code><a href="/docs/api/admin-graphql/latest/objects/DeliveryCarrierService">DeliveryCarrierService</a></code></td> </tr> <tr> <td><code>read_shopify_payments_disputes</code></td> <td><code><a href="/docs/api/admin-graphql/latest/objects/ShopifyPaymentsDispute">ShopifyPaymentsDispute</a></code> </td> </tr> <tr> <td><code>read_shopify_payments_dispute_evidences</code></td> <td><code><a href="/docs/api/admin-graphql/latest/objects/ShopifyPaymentsDisputeEvidence">ShopifyPaymentsDisputeEvidence</a></code> </td> </tr> <tr> <td><code>read_shopify_payments_payouts</code></td> <td><code><a href="/docs/api/admin-graphql/latest/objects/ShopifyPaymentsPayout">ShopifyPaymentsPayout</a></code>, <code><a href="/docs/api/admin-graphql/latest/objects/ShopifyPaymentsBalanceTransaction">ShopifyPaymentsBalanceTransaction</a></code> </td> </tr> <tr> <td><code>read_store_credit_accounts</code></td> <td><code><a href="/docs/api/admin-graphql/latest/objects/StoreCreditAccount">StoreCreditAccount</a></code></td> </tr> <tr> <td> <p><code>read_store_credit_account_transactions</code>,</p> <p><code>write_store_credit_account_transactions</code> 
</p> </td> <td><code><a href="/docs/api/admin-graphql/latest/objects/StoreCreditAccountDebitTransaction">StoreCreditAccountDebitTransaction</a></code>, <code><a href="/docs/api/admin-graphql/latest/objects/StoreCreditAccountCreditTransaction">StoreCreditAccountCreditTransaction</a></code></td> </tr> <tr> <td> <p><code>read_themes</code>,</p> <p><code>write_themes</code></p> </td> <td><code><a href="/docs/api/admin-graphql/latest/objects/OnlineStoreTheme">OnlineStoreTheme</a></code></td> </tr> <tr> <td><code>read_translations</code></td> <td><code><a href="/docs/api/admin-graphql/latest/objects/TranslatableResource">TranslatableResource</a></code></td> </tr> <tr> <td><code>read_users</code></td> <td><code><a href="/docs/api/admin-graphql/latest/objects/staffmember">StaffMember</a></code><span class="heading-flag heading-flag--plus">SHOPIFY PLUS</span></td> </tr> <tr> <td> <p><code>read_validations</code>,</p> <p><code>write_validations</code></p> </td> <td><code><a href="/docs/api/admin-graphql/latest/objects/Validation">Validation</a></code></td> </tr> </table>

### Requesting specific permissions

Follow the procedures below to request, in the Partner Dashboard, the specific permissions that these access scopes require.

#### Orders permissions

By default, you have access to the last 60 days' worth of orders for a store. To access all the orders, you need to request access to the `read_all_orders` scope from the user:

1. From the Partner Dashboard, go to **[Apps](https://partners.shopify.com/current/apps)**.
1. Click the name of your app.
1. Click **API access**.
1. In the **Access requests** section, on the **Read all orders scope** card, click **Request access**.
1. On the **Orders** page that opens, describe your app and why you’re applying for access.
1. Click **Request access**.

If Shopify approves your request, then you can add the `read_all_orders` scope to your app along with `read_orders` or `write_orders`.

#### Subscription APIs permissions

Subscription apps let users sell subscription products that generate multiple orders on a specific billing frequency.

With subscription products, the app user isn't required to get customer approval for each subsequent order after the initial subscription purchase. As a result, your app needs to request the required protected access scopes to use Subscription APIs from the app user:

1. From the Partner Dashboard, go to **[Apps](https://partners.shopify.com/current/apps)**.
1. Click the name of your app.
1. Click **API access**.
1. In the **Access requests** section, on the **Access Subscriptions APIs** card, click **Request access**.
1. On the **Subscriptions** page that opens, describe why you’re applying for access.
1. Click **Request access**.

If Shopify approves your request, then you can add the `read_customer_payment_methods` and `write_own_subscription_contracts` scopes to your app. If you're using the Customer Account API, you can add the `customer_read_own_subscription_contracts` or `customer_write_own_subscription_contracts` scopes.

#### Protected customer data permissions

By default, apps don't have access to any protected customer data. To access protected customer data, you must meet our [protected customer data requirements](/docs/apps/launch/protected-customer-data#requirements). You can add the relevant scopes to your app, but the API won't return data from non-development stores until your app is configured and approved for protected customer data use.

## Unauthenticated access scopes

Unauthenticated access scopes provide apps with read-only access to the [Storefront API](/docs/api/storefront). Unauthenticated access is intended for interacting with a store on behalf of a customer.
For example, an app might need to do one or more of the following tasks:

- Read products and collections
- Create customers and update customer accounts
- Query international prices for products and orders
- Interact with a cart during a customer's session
- Initiate a checkout

### Request scopes

To request unauthenticated access scopes for an app, select them when you [generate API credentials](/docs/apps/build/authentication-authorization/client-secrets) or [change granted access scopes](/docs/apps/build/authentication-authorization/app-installation/manage-access-scopes).

To request access scopes or permissions for the Headless channel, refer to [managing the Headless channel](/docs/storefronts/headless/building-with-the-storefront-api/manage-headless-channels#request-storefront-permissions).

You can request the following unauthenticated access scopes:

<table> <caption>Unauthenticated access scopes</caption> <tr> <th style="width:20vw" scope="col">Scope</th> <th style="width:80vw" scope="col">Access</th> </tr> <tr> <td><code>unauthenticated_read_checkouts</code>,<p><code>unauthenticated_write_checkouts</code></p></td> <td><a href="/docs/api/storefront/reference/checkouts/checkout">Checkout</a> object</td> </tr> <tr> <td><code>unauthenticated_read_customers</code>,<p><code>unauthenticated_write_customers</code></p></td> <td><a href="/docs/api/storefront/reference/customers/customer">Customer</a> object</td> </tr> <tr> <td><code>unauthenticated_read_customer_tags</code></td> <td><code>tags</code> field on the <a href="/docs/api/storefront/reference/customers/customer">Customer</a> object</td> </tr> <tr> <td><code>unauthenticated_read_content</code></td> <td>Storefront content, such as <a href="/docs/api/storefront/reference/online-store/article">Article</a>, <a href="/docs/api/storefront/reference/online-store/blog">Blog</a>, and <a href="/docs/api/storefront/reference/online-store/comment">Comment</a> objects</td> </tr> <tr>
<td><code>unauthenticated_read_metaobjects</code></td> <td>View metaobjects, such as <a href="/docs/api/storefront/latest/objects/metaobject">Metaobject</a></td> </tr> <tr> <td><code>unauthenticated_read_product_inventory</code></td> <td><code>quantityAvailable</code> field on the <a href="/docs/api/storefront/reference/products/productvariant">ProductVariant</a> object and <code>totalAvailable</code> field on the <a href="/docs/api/storefront/reference/products/product">Product</a> object</td> </tr> <tr> <td><code>unauthenticated_read_product_listings</code></td> <td><a href="/docs/api/storefront/reference/products/product">Product</a> and <a href="/docs/api/storefront/reference/products/collection">Collection</a> objects</td> </tr> <tr> <td><code>unauthenticated_read_product_pickup_locations</code></td> <td><a href="/docs/api/storefront/reference/locations/location">Location</a> and <a href="/docs/api/storefront/reference/storeavailability/storeavailability">StoreAvailability</a> objects</td> </tr> <tr> <td><code>unauthenticated_read_product_tags</code></td> <td><code>tags</code> field on the <a href="/docs/api/storefront/reference/products/product">Product</a> object</td> </tr> <tr> <td><code>unauthenticated_read_selling_plans</code></td> <td>Selling plan content on the <a href="/docs/api/storefront/reference/products">Product</a> object</td> </tr> </table>

## Customer access scopes

Customer access scopes provide apps with read and write access to the [Customer Account API](/docs/api/customer). Customer access is intended for interacting with data that belongs to a customer.
For example, an app might need to do one or more of the following tasks:

- Read customer orders
- Update customer accounts
- Create and update customer addresses
- Read shop, customer, or order metafields

### Request scopes

To request access scopes or permissions for the Headless or Hydrogen channel, refer to [managing permissions](/docs/storefronts/headless/building-with-the-customer-account-api/getting-started#step-2-configure-customer-account-api-access).

You can request the following customer access scopes:

<table> <caption>Customer access scopes</caption> <tr> <th style="width:20vw" scope="col">Scope</th> <th style="width:80vw" scope="col">Access</th> </tr> <tr> <td><code>customer_read_customers</code>,<p><code>customer_write_customers</code></p></td> <td><a href="/docs/api/customer/latest/objects/Customer">Customer</a> object</td> </tr> <tr> <td><code>customer_read_orders</code>,<p><code>customer_write_orders</code></p></td> <td><a href="/docs/api/customer/latest/objects/Order">Order</a> object</td> </tr> <tr> <td><code>customer_read_draft_orders</code></td> <td><a href="/docs/api/customer/latest/objects/DraftOrder">Draft Order</a> object</td> </tr> <tr> <td><code>customer_read_markets</code></td> <td><a href="/docs/api/customer/latest/objects/Market">Market</a> object</td> </tr> <tr> <td><code>customer_read_store_credit_accounts</code></td> <td><a href="/docs/api/customer/latest/objects/StoreCreditAccount">Store Credit Account</a> object</td> </tr> <tr> <td><code>customer_read_own_subscription_contracts</code>,<p><code>customer_write_own_subscription_contracts</code></p></td> <td><a href="/docs/api/customer/latest/objects/SubscriptionContract">Subscription Contract</a> object for records that belong to your app</td> </tr> <tr> <td><code>customer_write_subscription_contracts</code></td> <td><a href="/docs/api/customer/latest/objects/SubscriptionContract">Subscription Contract</a> object for all records.
Only available for Hydrogen and Headless storefronts</td> </tr> <tr> <td><code>customer_read_companies</code>,<p><code>customer_write_companies</code></p></td> <td><a href="/docs/api/customer/latest/objects/Company">Company</a> object</td> </tr> <tr> <td><code>customer_read_locations</code>,<p><code>customer_write_locations</code></p></td> <td><a href="/docs/api/customer/latest/objects/CompanyLocation">Company Location</a> object</td> </tr> </table>

## Checking granted access scopes

You can check your app’s granted access scopes using the [`appInstallation`](/docs/api/admin-graphql/latest/queries/appInstallation?example=Get+the+access+scopes+associated+with+the+app+installation) query in the GraphQL Admin API.

## Limitations and considerations

- Apps should request only the minimum amount of data that's necessary for an app to function when using a Shopify API. Shopify restricts access to scopes for apps that don't require legitimate use of the associated data.
- Only [public or custom apps](/docs/apps/launch/distribution) are granted access scopes. Legacy app types, such as private or unpublished, won't be granted new access scopes.
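
A least-privilege audit that combines the two sections above, as an added example that is not part of Shopify's documentation: it compares the scopes returned by an `appInstallation` query with the scopes the app actually needs. The response shape (`accessScopes { handle }`), the `REQUIRED_SCOPES` list, and the rule that a `write_` scope covers its matching `read_` scope are assumptions of this example; the sample response is constructed.

```javascript
// Constructed sample data, shaped like the result of (assumed query):
//   query { appInstallation { accessScopes { handle } } }
const SAMPLE_RESPONSE = {
  data: {
    appInstallation: {
      accessScopes: [
        { handle: "write_orders" },
        { handle: "read_all_orders" },
        { handle: "read_products" },
        { handle: "write_customers" },
        { handle: "read_customer_payment_methods" },
        { handle: "read_themes" },
      ],
    },
  },
};

// Hypothetical: the scopes this example app really needs to function.
const REQUIRED_SCOPES = [
  "read_orders", "read_all_orders", "read_products",
  "read_customers", "write_draft_orders",
];

// Scopes the authenticated table marks "Permissions required".
const APPROVAL_REQUIRED = new Set([
  "read_all_orders",
  "read_customer_payment_methods",
  "read_own_subscription_contracts",
  "write_own_subscription_contracts",
]);

// Pull the scope handles out of the GraphQL response, failing loudly if absent.
function grantedHandles(response) {
  const scopes = response?.data?.appInstallation?.accessScopes;
  if (!Array.isArray(scopes)) throw new Error("no accessScopes in response");
  return scopes.map((s) => s.handle);
}

// Assumption: write_x also covers read_x (same for the
// unauthenticated_ and customer_ prefixed families).
function readTwin(scope) {
  const m = /^((?:unauthenticated_|customer_)?)write_(.+)$/.exec(scope);
  return m ? `${m[1]}read_${m[2]}` : null;
}

// Add the implied read scope for every write scope in the list.
function expand(scopes) {
  const out = new Set(scopes);
  for (const s of scopes) {
    const twin = readTwin(s);
    if (twin) out.add(twin);
  }
  return out;
}

function auditScopes(granted, required) {
  const have = expand(granted);
  const need = expand(required);
  const unneeded = granted.filter((s) => !need.has(s));
  const report = {
    // Needed but not covered by any granted scope.
    missing: required.filter((s) => !have.has(s)),
    // Write access granted where only read access is needed.
    downgrade: unneeded.filter((s) => need.has(readTwin(s))),
    // Granted scopes with no matching need at all.
    remove: unneeded.filter((s) => !need.has(readTwin(s))),
    // Needs approval in the Partner Dashboard before it can be added.
    needsApproval: required.filter((s) => APPROVAL_REQUIRED.has(s)),
    warnings: [],
  };
  // read_all_orders is only used together with an order scope.
  if (need.has("read_all_orders") && !need.has("read_orders")) {
    report.warnings.push("read_all_orders requires read_orders or write_orders");
  }
  return report;
}

const REPORT = auditScopes(grantedHandles(SAMPLE_RESPONSE), REQUIRED_SCOPES);
console.log(JSON.stringify(REPORT, null, 2));
```

Running the audit in CI against each release's scope list catches scope creep before a new authorization prompt reaches merchants.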