I had been following along with the Shopify App tutorials. My employer has tasked me with creating some functionality that requires access to the orders and customer data (for our own stores). This isn’t an app we would ever want to have listed or sell to use in other stores.
If I use the standard application development process, the tokens provided do not allow access to protected customer or order data (like name, email, phone, address, etc). You have to go through a review process to access the data.
However, if I go through Settings => Apps and sales channels => Develop Apps => Create an app, the tokens generated through that interface can access the Customer and Order data without review.
Is there any way to use these keys and tokens with the standard shopify app init / shopify app dev / shopify app deploy, so the app can be embedded in the Shopify admin? Or is it meant only for apps that will be used outside of Shopify?
Hey there!
Apps created through the Admin (Settings => …) cannot use the Shopify CLI (shopify app init). However, the Partners dashboard allows you to choose the distribution type. If you choose “Custom”, you’ll be able to use the CLI without having to make the app Public or go through an app review.
I hope this answers your question!
My understanding is that there are two types of app review. The first is for the app itself if offering it publicly, which is what you are talking about. The second is to access Order and Customer data via the API ( https://shopify.dev/docs/apps/launch/protected-customer-data).
I’m not sure how we are supposed to develop an app using CLI, because the GraphQL API calls cannot access the data needed to develop the app. If you cannot develop the app using “protected data” in a Partners development store, how can you pass a review to show that you are handling protected data properly? I understand having the limitation for live stores. It is important to protect customer data and follow GDPR. But developers need to be able to access the bogus customer data entered in development stores to get to the point of producing a working app that could pass review for public release.