I’m currently developing a Shopify payment app and encountered an issue during the app review process.
The review team flagged that our app is requesting the read_checkout_external_data permission — but we never added or used this scope anywhere in our app.
Here’s our configuration:
scopes = "write_payment_gateways, write_payment_sessions"
We double-checked our OAuth setup and codebase, and there’s no reference to read_checkout_external_data.
However, we suspect the issue happened when we accidentally clicked
“Allow network access in checkout and account UI extensions”
in the Partner Dashboard.
After that, this permission automatically appeared in our app’s granted scopes, and there seems to be no way to undo or remove it from the interface.
We are now stuck because the payment app review rejects our submission due to this unintended scope.
Has anyone else experienced this issue?
- Is there any way to revoke or remove the
read_checkout_external_datapermission?