How to update access scope for a live app on Shopify App store

Hi all,

My app is available on Shopify app store.
I am currently facing this issue of updating access scope on my live app. For Graphql API migration Shopify have added read_location access which was not there in the rest API .For this i need to update access scope for my listed app.I am not able to do it from my partners account as well as when i make updation in the access for both toml file and redirection url access scope, system throws error of misconfiguration. How can i update access scope for my listed app on shopify

1 Like

Hey @Ravi_Goel :waving_hand: - are you using the CLI to try to push the updates to from app’s .toml file over to the live deployed version?

Would you be able to share the specific error message you’re seeing (a screenshot would be great if possible!) as well as your app’s ID as it appears in the partner dashboard? I can take a closer look into this on our end here and see if we can help out further. :slight_smile:

Hi Alan,

Our Shopify app, Rapidshyp, is currently live on the Shopify App Store as a non-embedded app. Recently, we encountered an issue during the mandatory migration from Shopify REST API to GraphQL API. Here’s a detailed explanation of the problem:

Previous Setup:
The app was utilizing certain REST API endpoints that did not require the read_location access scope.
Post Migration:
These endpoints now require the read_location access scope when used with GraphQL API.

Steps Taken

  1. Access Scope Update:
    We updated the read_location access scope in the app’s toml configuration file to comply with GraphQL requirements.
  2. Release Deployment:
    After updating the access scope, we pushed a new release of the app to Shopify.

Observed Issue:

New Seller Impact:
Post-release, new sellers attempting to install the app are facing a “misconfiguration issue” during the redirection process.

App Information

App Name:Rapidshyp
Client ID:e10d0634da3fcc13cfffea55d2985f71

We suspect the issue might be related to the access scope changes or the app configuration during the release process. Could you help us investigate and resolve this misconfiguration issue?

@Ravi_Goel

When you rely on managing access scopes through the toml file through managed installs, then yes changing any access scopes will require all merchants to accept the new access scopes before using your app again.

This can be highly disruptive for merchants, especially if you don’t communicate to them beforehand.

Shopify offers a more elegant way to handle this, through the optional_scopes and the AppBridge’s app.scopes.request() method.

Through these two, you can present a call to action in your app for merchants to accept the new scopes on demand.

I noticed you mentioned that this particular app isn’t embedded. So you won’t be able to do this without that.

The other alternative is to disable the managed OAuth install by Shopify, then you can write you own OAuth handshake and then request these scopes from inside of your app.

However, I recommend the AppBridge approach, it’s much more seamless.

Hi Dylan,

My app is a non-embedded app and runs outside of Shopify.

From your message, I understand that using optional_scopes and AppBridge’s app.scopes.request() is only possible for embedded apps. Given that my app is non-embedded, is there any alternative way to update the access scope without:

  • Disabling managed OAuth in the app’s configuration on Shopify
  • Implementing a custom OAuth flow to dynamically request the read_location scope during usage or installation

I’d appreciate any suggestions for a simpler solution to manage this change.

Hi @Ravi_Goel ,

Like I said, if you’re not embedded, you’ll have to write your own OAuth initiation logic to request this additional scope conditionally.

So you’ll have to find a way to update your OAuth handshake logic to accept additional scopes conditionally, and then trigger it from inside of your app when the merchant clicks a button to accept these new scopes.