As of GraphQL Admin API version 2023-10, you can grant
READ_WRITE access to your metafields to explicitly specified apps, by using the new
grants property of the
access object in your
metafieldDefinitionUpdate mutations. You can pass a list of up to 16 grants per definition, specifying the grantee and the level of access to grant.
This could be useful if you need fine-grained control over access to your metafields, for example you could keep the admin access setting
PRIVATE but explicitly grant access to other app ids.
Learn more about metafield access controls on shopify.dev.
Note that the introduction of explicit grants required a breaking change to the
metafieldDefinitionUpdate mutation - see Breaking change to metafieldDefinitionUpdate mutation: access input type changed for details.