Introducing explicit access grants for app-owned metafields

As of GraphQL Admin API version 2023-10, you can grant READ or READ_WRITE access to your metafields to explicitly specified apps, by using the new grants property of the access object in your metafieldDefinitionCreate and metafieldDefinitionUpdate mutations. You can pass a list of up to 16 grants per definition, specifying the grantee and the level of access to grant.

This could be useful if you need fine-grained control over access to your metafields, for example you could keep the admin access setting PRIVATE but explicitly grant access to other app ids.

Learn more about metafield access controls on shopify.dev.

Note that the introduction of explicit grants required a breaking change to the metafieldDefinitionUpdate mutation - see Breaking change to metafieldDefinitionUpdate mutation: access input type changed for details.