Back to Developer changelog

Apps now need Shopify approval to read orders older than 60 days

API

Effective July 09, 2018

Action required

Shopify is introducing an important change to the Order resource to help preserve the trust that merchants have when using third-party apps.

As of today, public apps will no longer be able to access a merchant’s orders older than 60 days with the current read_orders or write_orders access scopes. Apps that require access to all of a merchant’s orders will first need to be approved by Shopify. After Shopify approves the request, the app can begin using the new read_all_orders scope.

You can request approval to read orders older than 60 days in the Partner Dashboard. After your request is approved by a Shopify admin and you've been notified that your app was granted access, you must update your app to request the new read_all_orders access scope during authorization by July 9, 2018. If you don't update your app to use the new scope, then you won't be able to access orders older than 60 days after July 9. Note that you must use the new read_all_orders scope along with either the read_orders or write_orders scope.

These changes will help assure merchants that their data is safe with your app and with Shopify. By being mindful of what data apps need to access, and making sure merchants are fully aware of what scopes are being granted to their apps, we’ll build a strong and trusting app ecosystem.

To learn more about the, see Increase Merchant Trust: Introducing Updates to the Shopify Order API.

If you have any questions or concerns, then email read-all-orders-request@shopify.com.

Edit:

Many pre-approved apps viewing orders older than 60 days have now been migrated to have the new permission automatically. If your app is one of them you will receive an email from the Shopify Apps Team today.

Edit:

Private apps are not affected by this change and automatically will have the read_all_orders scope.

The majority of apps that were previously accessing orders older than 60 days have been grandfathered into the new permission. You'll still need to add the new scope to your OAuth flow. There will be an email sending out shortly to your registered e-mail if your app is included in this list. You can also check this in the App Setup section of the Partners Dashboard, you'll either see a section to request all orders access or a a status message that says "Your app can access the full order history for a store."