Shopify API: Query only returns app-created orders, not all store orders

GraphQL Admin API Troubleshooting
1

I am working on a Public Application(Sales Channel), after getting published it stopped accessing all orders only providing the order which my app created.
I am facing some issue with permissions to fetch all shopify orders do anyone know why I am facing this behavior. I tried reinstalling the sales channel as well but it only get the orders which the app created after installation means I cant even access my previously created orders from the same app. Do anyone have any idea why I am facing such behavior. My app is categorized as a Marketplace App.

query {
  orders(first: 10) {
    edges {
      cursor
      node {
        id
        name
        app {
            name
        }
      }
    }
    pageInfo {
      hasNextPage
      hasPreviousPage
      startCursor
      endCursor
    }
  }
}

Response

{

    "data": {

        "orders": {

            "edges": [],

            "pageInfo": {

                "hasNextPage": false,

                "hasPreviousPage": false,

                "startCursor": null,

                "endCursor": null

            }

        }

    },

    "extensions": {

        "cost": {

            "requestedQueryCost": 10,

            "actualQueryCost": 2,

            "throttleStatus": {

                "maximumAvailable": 2000.0,

                "currentlyAvailable": 1998,

                "restoreRate": 100.0

            }

        }

    }

}

Kindly help anyone

1 Like
2

Hi @Bilal_Khan! The behavior you’re seeing is expected for sales channel apps. Since March 2020, all sales channel and marketplace apps (except mobile app builders) have a read_only_own_orders scope automatically applied during the app review process as outlined in our requirements for Sales Channels documentation. This flag restricts your read_orders scope to only return orders created by your specific channel.

Merchants were concerned about competing sales channels being able to view each other’s order data on the same store, so now when you query the orders field, you’ll only see orders that came through your marketplace.

This is standard for all sales channel apps - the flag gets added automatically during review to protect merchant data. I know this is not ideal for your app, but it is the current expected behaviour to ensure merchant and customer data security.

3

Hi Donal,

Thank you for the detailed explanation regarding the March 2020 policy.
I completely understand the need to protect merchant data from competing
marketplaces.

However, based on your email, I believe “Cercle” has been misclassified.
You mentioned that “Mobile App Builders” are exempt from this
restriction.

“Cercle” operates strictly as a Mobile App Builder. We provide merchants
with a dedicated mobile channel to engage their own existing customers.
We are not a third-party marketplace where users browse products from
multiple competing vendors; rather, we function as a direct mobile
extension of the merchant’s Online Store.

To strictly adhere to this “Mobile App Builder” functionality, we
require the removal of the read_only_own_orders flag for the following
operational reasons:

 Unified Tracking & Fulfillment Updates: A core feature of our mobile

experience is providing customers with real-time tracking updates.
Customers expect to open the app and see the tracking status for all
their orders (including those placed on the Online Store). Without
access to all orders, we cannot display this tracking data, nor can we
sync updated tracking details back to the Shopify Admin.

 Unified Customer Order History: When a customer logs into the mobile

app, they expect to see their full relationship with the brand. If the
app only displays orders created via the mobile channel and hides their
web orders, the customer experience is broken, leading to support
tickets claiming that account history is missing.

 Inventory & Stock Integrity: We need visibility into real-time order

flows from the Online Store to ensure we are displaying accurate stock
levels in the mobile app, preventing overselling incidents.

Since our app is designed to help the merchant unify their web and
mobile sales—and not to share data between competitors—we believe we fit
the criteria for the exemption you mentioned.

Could you please review our app classification and apply the “Mobile App
Builder” exemption so we can deliver the expected experience to our
merchants?

Best regards,

Bilal Lead Developer, Cercle

4

Thanks for following up @Bilal_Khan! The Mobile App Builder exemption is specifically for apps that help merchants create their own native iOS/Android apps (the kind deployed to App Store/Google Play) using the iOS or Android Buy SDKs. These apps use the Storefront API, so the read_only_own_orders restriction doesn’t apply to them in the same way.

If Cercle does build native mobile apps for merchants (not just a mobile-based sales channel), then you may qualify for the exemption.

The App Review Team would have applied the read_only_own_orders flag during your approval process. If you believe you were misclassified and should be treated as a Mobile App Builder, reach out to them directly by replying to your app review approval email. They’ll be able to review your app’s architecture and confirm whether you qualify for the exemption.

If you don’t qualify, the only option would be what was discussed in this similar thread - creating a companion app (non-sales channel) that has read_orders scope to handle the unified order history/tracking features, while your sales channel app handles the checkout/order creation from your mobile platform.

1 Like