Access denied trying to read fulfillment order

I have managed to get my app past the automated checks. Doing some unit testing now.
The app is handling order fulfillment (shipping). So I need the customer name/address/phone.

When I try to fetch the fulfillment order with the GraphQL query below, I get an access denied error:

```json
{
  "errors": [
    {
      "message": "Access denied for order field. Required access: read_orders access scope, read_marketplace_orders access scope or read_quick_sale access scope.",
      "locations": [{"line": 11, "column": 17}],
      "extensions": {
        "code": "ACCESS_DENIED",
        "documentation": "https://shopify.dev/api/usage/access-scopes",
        "requiredAccess": "`read_orders` access scope, read_marketplace_orders access scope or read_quick_sale access scope."
      },
      "path": ["fulfillmentOrder", "order"]
    }
  ],
  "data": {"fulfillmentOrder": null},
  "extensions": {
    "cost": {
      "requestedQueryCost": 22,
      "actualQueryCost": 2,
      "throttleStatus": {"maximumAvailable": 2000.0, "currentlyAvailable": 1998, "restoreRate": 100.0}
    }
  }
}
```

These are the scopes I'm using.
"read_assigned_fulfillment_orders,write_assigned_fulfillment_orders,read_fulfillments,write_fulfillments,read_locations,write_third_party_fulfillment_orders"

```csharp
var graphqlQuery = $@"
query GetFulfillmentOrder($id: ID!) {{
  fulfillmentOrder(id: $id) {{
    id
    status
    order {{
      id
      name
    }}
    deliveryMethod {{
      methodType
    }}

    destination {{
      firstName
      lastName
      company
      address1
      address2
      city
      province
      zip
      countryCode
      phone
    }}

    assignedLocation {{
      location {{
        id
        name
      }}
    }}

    lineItems(first: 50) {{
      edges {{
        node {{
          id
          totalQuantity
          remainingQuantity
          lineItem {{
            id
            title
            sku
            variantTitle
          }}
        }}
      }}
    }}
  }}
}}
";
```

Update:

After some research I updated my access scopes to include read_orders.
Now I'm getting the complete fulfillment order with ship_to information.

However, I also configured settings for Protected customer data access
in the Partner dashboard.

Question:
I'm not sure I actually needed that, after updating my scopes?

Hey @Randal_B, glad to hear you got this working! For Protected Customer Data (PCD) access on order, if you’re not retrieving info like the customer’s name, address, email, etc., and you’re purely interested in the order data itself that isn’t related to the customer, you’d want to request Level 1 PCD access. There’s a bit more info here: Work with protected customer data

Hope this helps, let me know if I can clarify anything :slight_smile:

Yes, I need the customer name, full address and phone number from the (fulfillment) order - for shipping purposes.

At this point, my question really is - did I need to set these extra permissions in the Partner Dashboard as well as the scopes, or was adding the extra scopes sufficient? I've made so many changes now it's hard to tell.

Again, my current scopes list:

read_merchant_managed_fulfillment_orders,write_merchant_managed_fulfillment_orders,read_orders,read_assigned_fulfillment_orders,write_assigned_fulfillment_orders,read_fulfillments,write_fulfillments,read_locations

Hey @Randal_B - thanks for following up!

Yep, you needed both. They’re separate layers that work together:

  • OAuth scopes (like read_orders) control which API fields and endpoints your app can access at all
  • Protected Customer Data (PCD) access is an additional required layer specifically for accessing customer PII - name, email, phone, address, etc.

Since you’re pulling firstName, lastName, phone, and the full address off destination on the fulfillment order, you’d need Level 2 PCD access (protected customer fields) configured in your Partner Dashboard on top of the read_orders scope.

More info here if it’s useful: Work with protected customer data

To your point though, it can be a little confusing, so please let me know if I can clarify anything further on our end here!
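
The scope layer described in the reply above can be checked directly from the error the API returns. The following C# is an added example, not code from the thread or from Shopify: it reads the `ACCESS_DENIED` error quoted in the first post (trimmed) and compares the scopes it names with the two scope lists posted in the thread. `ScopeCheck` and `RequiredScopes` are hypothetical names, and the check covers OAuth scopes only, not the protected customer data layer the reply describes as configured separately in the Partner Dashboard.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using System.Text.RegularExpressions;

static class ScopeCheck
{
    // For each ACCESS_DENIED error, map the denied field path to the scopes
    // named in the error; holding any one of them satisfies the scope layer.
    public static Dictionary<string, string[]> RequiredScopes(string responseJson)
    {
        var result = new Dictionary<string, string[]>();
        using var doc = JsonDocument.Parse(responseJson);
        if (!doc.RootElement.TryGetProperty("errors", out var errors)) return result;
        foreach (var err in errors.EnumerateArray())
        {
            if (!err.TryGetProperty("extensions", out var ext) ||
                !ext.TryGetProperty("code", out var code) ||
                code.GetString() != "ACCESS_DENIED") continue;
            var text = ext.TryGetProperty("requiredAccess", out var ra)
                ? ra.GetString() : err.GetProperty("message").GetString();
            var scopes = Regex.Matches(text ?? "", "`?([a-z_]+)`? access scope")
                .Cast<Match>().Select(m => m.Groups[1].Value).Distinct().ToArray();
            var path = err.TryGetProperty("path", out var p)
                ? string.Join(".", p.EnumerateArray().Select(e => e.ToString())) : "(no path)";
            result[path] = scopes;
        }
        return result;
    }

    static void Main()
    {
        // Error response from the first post, trimmed to the fields this check reads.
        const string response = @"{""errors"":[{""message"":""Access denied for order field."",
            ""extensions"":{""code"":""ACCESS_DENIED"",""requiredAccess"":
            ""`read_orders` access scope, read_marketplace_orders access scope or read_quick_sale access scope.""},
            ""path"":[""fulfillmentOrder"",""order""]}],""data"":{""fulfillmentOrder"":null}}";
        // The two scope lists quoted in the thread (before and after the change).
        var before = "read_assigned_fulfillment_orders,write_assigned_fulfillment_orders,read_fulfillments,write_fulfillments,read_locations,write_third_party_fulfillment_orders".Split(',');
        var after = "read_merchant_managed_fulfillment_orders,write_merchant_managed_fulfillment_orders,read_orders,read_assigned_fulfillment_orders,write_assigned_fulfillment_orders,read_fulfillments,write_fulfillments,read_locations".Split(',');
        foreach (var kv in RequiredScopes(response))
        {
            Console.WriteLine($"{kv.Key}: needs one of [{string.Join(", ", kv.Value)}]");
            Console.WriteLine($"  first scope list satisfies it:   {kv.Value.Intersect(before).Any()}");
            Console.WriteLine($"  updated scope list satisfies it: {kv.Value.Intersect(after).Any()}");
        }
    }
}
```

Because the error lists alternatives, adding only the one scope the app needs (here `read_orders`) is enough for this field.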

Hey @Randal_B - just wondering if the above helped/if we can close this one out, let me know :slight_smile: