You may need to request permissions in advance of your migration

I receive this email today:

Hello,

We are reaching out with an important action you must take if your app currently reads or writes published_at/published_scope via REST.

With the deprecation of the /products REST endpoint and updates to the GraphQL productCreate and productUpdate fields, all product publishing must now use the publishablePublish GraphQL mutation, which requires the write_publications permission.

In order to request permissions, you must first update your app to request these permissions for new installs and then fill out this form. We will backfill these permissions every Friday, except on December 27, 2024, until the migration deadline. If you submit the form before updating your app, new installs between the backfill and your update will not receive these permissions.

If you have any questions please feel free to post them on the Shopify Community Forum

I have some questions:

  1. My apps currently don’t reads or writes published_at/published_scope via REST. Why is it relevant?
  2. I included the write_publications and read_publications permission scope a long time ago. Do I have to fill in the form? If I already have the permission, why do I have to fill in the form?
  3. I’m already using the publishablePublish mutation. So there is no action required aside from filling the form (if required)?

Hello, @Benny_Chan!

Since your apps are not using those fields in REST, and are using publishablePublish with the write_publications and read_publications permission scopes, there is no action required from your end.

Hello @Elias-Shopify, our app reads (but doesn’t write) published_at via REST and I too am a bit confused by the wording of the email. The opening sentence suggests that we need to do something:

We are reaching out with an important action you must take if your app currently reads or writes published_at /published_scope via REST.

It feels weird to ask for write permissions when we’re not writing anything. And then if we don’t ask for new permissions, filling the form feels equally pointless.

Could you clarify if we need to do something or if it’s just the wording or the email that is a bit wonky?