Authorization scopes
The Shop Pay Wallet API provides a user's data for developers to make a payment on their behalf. The data is split into separate resources each requiring their own scope. To request buyer authorization to access their Shop Pay Wallet you must, therefore, include a combination of the following scopes as a space-delimited string in the request.
| Scope | Resource | PCI Compliance Required? | Details |
uma:pay:address:read | Address | No | Use this scope to request access to the buyer's shipping address. |
uma:pay:credit_card:read | Credit Card | No | Use this scope to request access to the buyer's credit card summary. |
uma:pay:credit_card:read_payment_session | Payment Token | No | Use this scope to request access to a Payment Session ID. This scope is required when completing checkouts with Shopify Merchants. |
uma:pay:credit_card:read_encrypted | Encrypted PAN | Yes | Use this scope to request access to the encrypted Primary Account Number (PAN) of the buyer's credit card. This scope is required when completing checkouts with non-Shopify merchants. |
Anchor to ExamplesExamples
Anchor to Non-PCI compliant partnersNon-PCI compliant partners
The scope string you should provide to request user authorization is:
scope=uma:pay:address:read uma:pay:credit_card:read uma:pay:credit_card:read_payment_session
Anchor to PCI compliant partners working with Shopify and non-Shopify merchantsPCI compliant partners working with Shopify and non-Shopify merchants
The scope string you should provide to request user authorization is:
scope=uma:pay:address:read uma:pay:credit_card:read uma:pay:credit_card:read_payment_session uma:pay:credit_card:read_encrypted
- Getting Started with the Shop Pay Wallet API
- Authorization
- Shop Pay Wallet API reference
- Testing the integration
- Shop Pay Wallet ecosystem
Was this page helpful?