Requesting Order API permissions for app

We already have our app listed on the Shopify App Store. Now we want to request the Orders API permission, as we are building a new feature for automatic order tagging.

I have a few questions about this process:

  1. What happens if a merchant denies the request for the new Orders API permission?
  2. Do merchants have the ability to remove only the Orders permission and keep other permissions active, or is it all-or-nothing once the app is installed?
  3. If a merchant does not approve the Orders permission, will our app still function with the existing permissions, just without the auto-order-tagging feature?

We want to make sure we communicate clearly to our merchants what will happen if they choose not to approve this new permission request.

  1. What happens if a merchant denies the Orders API permission request?
    Merchants can choose whether to grant the new Orders API permission during the authorization process. If they deny it, your app will not be able to access order data and therefore cannot perform the automatic tagging function.

  2. Can merchants remove the Orders permission while retaining other permissions?
    In Shopify’s permission model, app permissions are granted as a package. Merchants cannot revoke a single permission (e.g., only the Orders API). If they wish to remove permissions, they must uninstall the app. In other words, once an app is installed, merchants’ acceptance of app permissions is an “all-or-nothing” approval, not a “pick-and-choose” process.

  3. Can the app still run if merchants do not approve the Orders permission?
    Yes. The app will continue to function normally within its existing permission scope, but order-related features (such as automatic tagging) will not be enabled. You need to inform merchants in the app interface or documentation that:
    a. Core features remain available even without authorization for the Orders API;
    b. Automatic order tagging is an additional feature that requires extra order access permissions.

Hey @Shrutika_Lokhande,

To add to the answer above, I’d recommend considering managed installations if you haven’t implemented them yet. This approach provides a much smoother experience when adding new permissions like Orders API access. With managed installations, Shopify handles the installation process, making it significantly easier to deploy scope updates to your existing merchant base without disruption.

You can also leverage optional scopes to give merchants more granular control. Configure the Orders API permission as an optional scope rather than required, which allows merchants to selectively grant access to order data.
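The behaviour discussed in this thread (core features keep working, order tagging stays off until the Orders scope is granted) comes down to a scope check before each feature runs. The sketch below is an added example, not code from any poster or from Shopify. The feature names and the `FEATURE_SCOPES` map are hypothetical, and the sample response is constructed in the shape returned by Shopify's `GET /admin/oauth/access_scopes.json` endpoint.

```javascript
// Added example: gate features on the scopes a shop has actually granted.
// Constructed sample, shaped like the body of GET /admin/oauth/access_scopes.json
const sampleResponse = {
  access_scopes: [{ handle: "read_products" }, { handle: "write_customers" }],
};

// Hypothetical feature map for this app: feature name -> scopes it needs.
const FEATURE_SCOPES = {
  productSync: ["read_products"],
  autoOrderTagging: ["read_orders", "write_orders"],
};

// Build the granted set. A write_* scope also covers the matching read_* scope.
// Anything malformed is ignored, so a bad response fails closed (nothing granted).
function grantedScopes(response) {
  const granted = new Set();
  const list = Array.isArray(response?.access_scopes) ? response.access_scopes : [];
  for (const entry of list) {
    if (!entry || typeof entry.handle !== "string") continue;
    const handle = entry.handle.trim();
    granted.add(handle);
    if (handle.startsWith("write_")) {
      granted.add("read_" + handle.slice("write_".length));
    }
  }
  return granted;
}

// Report which features may run and which scopes each disabled feature lacks,
// so the UI can tell the merchant exactly what to approve.
function featureStatus(response, featureMap = FEATURE_SCOPES) {
  const granted = grantedScopes(response);
  const status = {};
  for (const [feature, needed] of Object.entries(featureMap)) {
    const missing = needed.filter((scope) => !granted.has(scope));
    status[feature] = { enabled: missing.length === 0, missing };
  }
  return status;
}
```

Running the check per request, rather than once at install, keeps the app correct if the granted scopes change later.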