After the latest update regarding Shopify function logs, the “Share logs” button was removed in the Shopify Admin, and we can now automatically see the logs for which we have the necessary scopes, which is great.
The problem is that when we are missing a single scope of the log, we are blocked completely from seeing the entire function log.
For example: I might need to see the shipping method of a function for debugging, but I won’t be able to do it only because the log also includes the customer email, and I don’t have the “read_customers” scope, even though I don’t need to see customer information data at all.
My feature request is that we should still be able to see the logs, but these logs should have the missing scopes’ data redacted, or something similar.
As a smaller/alternative feature request, it would be great to have an alternative way to get the function logs with the merchant’s consent like the old “Share logs” button, because with the new format, we don’t have any way to see the function logs if the function input has data that the app scopes don’t, even if that data is irrelevant for us.
Thanks!
Similar situation here: we were approved for Protected customer data access, yet our logs recently stopped showing data due to a missing read_customers scope. For what it’s worth, we can already see the PII in checkout extensions and with the read_orders scope, so this requirement doesn’t seem to be doing whatever it was intended to do.
The previous iteration was perfect, we could see logs without requesting additional scopes and any scopes which we didn’t have access to was simply redacted, i.e names and addresses.
With the current iteration, we don’t really want to apply for access scopes as the app doesn’t actually need this to operate - it goes against Shopify’s own policy of only requesting access scopes required to operate, however we now need to request this for the purposes of debugging only, with the ‘share logs’ feature removed, there is no other way to obtain access, in most cases we don’t need to see the information covered by the missing scopes anyway.
The whole thing is a security theater, if you have the read_reports scopes you can still read everything that is being hidden in the function logs and more without having the read_customers or read_orders scopes.