Authorization scopes
The Shop Pay Wallet API provides a user's data for developers to make a payment on their behalf. The data is split into separate resources each requiring their own scope. To request buyer authorization to access their Shop Pay Wallet you must, therefore, include a combination of the following scopes as a space-delimited string in the request.
|
Scope
|
Resource
|
PCI Compliance Required?
|
Details
|
uma:pay:address:read
|
Address | No | Use this scope to request access to the buyer's shipping address. |
uma:pay:credit_card:read
|
Credit Card | No | Use this scope to request access to the buyer's credit card summary. |
uma:pay:credit_card:read_payment_session
|
Payment Token | No | Use this scope to request access to a Payment Session ID. This scope is required when completing checkouts with Shopify Merchants. |
uma:pay:credit_card:read_encrypted
|
Encrypted PAN | Yes | Use this scope to request access to the encrypted Primary Account Number (PAN) of the buyer's credit card. This scope is required when completing checkouts with non-Shopify merchants. |
Non-PCI compliant partners
Anchor link to section titled "Non-PCI compliant partners"The scope string you should provide to request user authorization is:
PCI compliant partners working with Shopify and non-Shopify merchants
Anchor link to section titled "PCI compliant partners working with Shopify and non-Shopify merchants"The scope string you should provide to request user authorization is: