Storefront API access scopes

Unauthenticated access scopes

Unauthenticated access scopes control access to objects in the Storefront API. Unauthenticated access is intended for interacting with a store on behalf of a customer to perform actions such as viewing products or initiating a checkout.

A storefront access token is required to make requests to the Storefront API. Any storefront access tokens created by your app automatically inherit the unauthenticated access scopes granted to it.

The following unauthenticated scopes can be requested:

  • unauthenticated_read_product_listings
    Unauthenticated access to read the Product and Collection objects.
  • unauthenticated_read_product_tags
    Unauthenticated access to read the tags field on the Product object.
  • unauthenticated_write_checkouts, unauthenticated_read_checkouts
    Unauthenticated access to the Checkout object.
  • unauthenticated_write_customers, unauthenticated_read_customers
    Unauthenticated access to the Customer object.
  • unauthenticated_read_customer_tags
    Unauthenticated access to read the tags field on the Customer object.
  • unauthenticated_read_content
    Unauthenticated access to read storefront content, such as Article, Blog, and Comment objects.