Understanding Shopify App Permission Screens: Explicit vs Implicit Access

Dev Platform
1

Hi Shopify Devs,

I’ve been reading several merchant posts lately expressing concerns about confidentiality and the number of permissions shown during app installation, and it made me double-check my own app setup.

From a developer standpoint, I’ve intentionally configured my app to request only minimal scopes—basic store information and order data. I avoided adding anything beyond what the app truly needs.

However, when I installed my own app on my admin store for testing, the permission screen displayed access to many more areas than I explicitly configured, including things like IP-related access and broader permissions.

That experience made me wonder:
• Is this behavior expected due to Shopify’s OAuth / app permission abstraction?
• Are certain permissions implicitly surfaced even when not explicitly requested?
• How do other developers explain this to merchants who see a long permission list and naturally feel uneasy?

Given the growing focus on data privacy, this feels like a merchant-trust issue, not just a technical one. I’m trying to understand what is normal here and what can (or can’t) be controlled by developers.

Note: Some merchants have mentioned that apps they already have installed are prompting them to accept updated permission scopes in order to continue using the app without interruption. I can’t personally confirm this, but I’m sharing what I’ve come across in discussions.

Would appreciate insights from others who’ve looked into this.

2

This is a really thoughtful concern, and you’re right to frame it as a trust issue as much as a technical one. What you’re seeing is generally expected behavior with Shopify’s OAuth model. Even when an app requests only a small set of scopes, Shopify often surfaces a broader, more descriptive permission list in the install screen to reflect the potential data touchpoints tied to those scopes and to meet transparency and compliance requirements. Some items (like IP-related access, app usage, or basic store metadata) are implicit parts of the platform and not something developers can opt out of individually.

From a developer perspective, the key thing is that the actual API access is still limited to the scopes you explicitly request—there’s no hidden elevation happening behind the scenes. Unfortunately, the install UI doesn’t clearly differentiate between “explicitly requested,” “implicitly required,” and “platform-level” permissions, which can understandably make merchants uneasy.

1 Like