Shopify Admin API Access Token Scopes
Every scope you can request when generating an Admin API access token in 2026, organized by category. Use it as a checklist when picking the minimum set your app needs.
What are Shopify scopes?
A scope is a string that tells Shopify which parts of a store an access token is allowed to read or write. Every scope follows the same shape: read_resource for read access and write_resource for read and write access combined.
When you start the OAuth flow, you list the scopes you need as a comma-separated string. Shopify shows them to the merchant on the consent screen, the merchant approves, and the issued access token is permanently bound to exactly that set of scopes.
Tokens never auto-expand. If you later realize you need a scope you didn’t request, you have to re-run the OAuth flow and ask the merchant to re-approve.
Least privilege: request only the scopes you actually need. Merchants reject installs that ask for too much, and a leaked over-scoped token does more damage.
Common scope sets
Starting points for typical app types. Trim or extend based on your specific needs. (Building a customer-facing storefront? You want the Storefront API and its own scope system instead.)
Read-only product catalog
Pull product data into a third-party tool (PIM, ERP, search index).
read_productsread_inventoryread_locationsOrder export / accounting sync
Export orders to an accounting system or data warehouse.
read_ordersread_customersread_productsInventory sync
Two-way inventory sync with an external system.
read_productsread_inventorywrite_inventoryread_locationsOrder management / fulfillment app
Read orders, manage fulfillments, update tracking.
read_orderswrite_ordersread_fulfillmentswrite_fulfillmentsCustomer / marketing app
Sync customer data with an email or CRM platform.
read_customerswrite_customersread_marketing_eventsTheme / storefront app
Edit themes and inject storefront customizations.
read_themeswrite_themesread_fileswrite_filesAll Shopify Admin API scopes
Grouped by resource. Scopes marked as protected require approval from Shopify before you can request them.
Products & Inventory
Manage your catalog, inventory levels, and how products are published to sales channels.
| Scope | Description |
|---|---|
read_products | Read products, variants, collections, images, and tags. |
write_products | Create, update, and delete products and variants. |
read_inventory | Read inventory levels at every location. |
write_inventory | Adjust inventory quantities and connect inventory items to locations. |
read_product_listings | Read product publication status across sales channels. |
write_product_listings | Publish or unpublish products on specific sales channels. |
read_publications | Read sales channel publications. |
write_publications | Manage sales channel publications. |
Orders
Read and manage orders, draft orders, edits, and returns. Some scopes require Shopify approval.
| Scope | Description |
|---|---|
read_orders | Read orders placed in the last 60 days. |
write_orders | Create, update, and cancel orders. |
read_all_orders | Read all historical orders. Protected scope — requires Shopify approval. |
read_draft_orders | Read draft orders. |
write_draft_orders | Create and modify draft orders, including converting to real orders. |
read_order_edits | Read the history of edits applied to orders. |
write_order_edits | Edit completed orders (line items, prices, taxes). |
read_returns | Read return requests and statuses. |
write_returns | Approve, decline, and process returns. |
Customers
Customer profiles, payment methods, and B2B companies. Some customer data is protected.
| Scope | Description |
|---|---|
read_customers | Read customer profiles, addresses, and order history. |
write_customers | Create and update customer profiles and addresses. |
read_customer_payment_methods | Read customers' saved payment methods (tokenized references). |
read_companies | Read B2B companies, locations, and contacts. Requires Shopify Plus. |
write_companies | Create and manage B2B companies. Requires Shopify Plus. |
Storefront, Themes & Content
Modify the merchant's online store: themes, pages, blogs, navigation, and locales.
| Scope | Description |
|---|---|
read_themes | Read theme files (Liquid templates, sections, assets). |
write_themes | Create themes, modify theme files, and publish themes. |
read_script_tags | Read JavaScript script tags injected into the storefront. |
write_script_tags | Add or remove storefront script tags. Deprecated in favor of theme app extensions for new apps. |
read_online_store_pages | Read static pages (About, Contact, etc.). |
write_online_store_pages | Create and edit static pages. |
read_online_store_navigation | Read menus and link lists. |
write_online_store_navigation | Manage menus and link lists. |
read_content | Read blog articles, comments, and metafields on content. |
write_content | Create and update articles, blogs, and comments. |
read_locales | Read the locales (languages) configured for the store. |
Fulfillment, Shipping & Locations
Move orders through fulfillment, configure shipping, and read store locations.
| Scope | Description |
|---|---|
read_fulfillments | Read fulfillments and tracking information. |
write_fulfillments | Create and update fulfillments. |
read_assigned_fulfillment_orders | Read fulfillment orders assigned to your app as a fulfillment service. |
write_assigned_fulfillment_orders | Update fulfillment orders assigned to your app. |
read_merchant_managed_fulfillment_orders | Read fulfillment orders the merchant fulfills themselves. |
write_merchant_managed_fulfillment_orders | Update merchant-managed fulfillment orders. |
read_shipping | Read shipping zones, rates, and carrier services. |
write_shipping | Configure shipping zones, rates, and carrier services. |
read_locations | Read the store's physical and virtual locations. |
Discounts & Pricing
Create and manage automatic discounts, discount codes, price rules, and gift cards.
| Scope | Description |
|---|---|
read_discounts | Read automatic discounts and discount codes. |
write_discounts | Create, update, and delete discounts. |
read_price_rules | Read legacy price rules. Use read_discounts for new code. |
write_price_rules | Manage legacy price rules. Use write_discounts for new code. |
read_gift_cards | Read gift cards. Requires Shopify Plus. |
write_gift_cards | Issue and manage gift cards. Requires Shopify Plus. |
Marketing & Analytics
Marketing events, reports, and customer-facing pixels for tracking.
| Scope | Description |
|---|---|
read_marketing_events | Read marketing events created by apps and channels. |
write_marketing_events | Create and update marketing events. |
read_reports | Read built-in and custom reports. |
write_reports | Create custom reports. |
read_pixels | Read web pixels installed on the storefront. |
write_pixels | Install and manage web pixels (custom or app-based). |
Markets & Localization
International markets, languages, and translated content.
| Scope | Description |
|---|---|
read_markets | Read the store's configured markets. |
write_markets | Create and manage markets. |
read_translations | Read translations for products, pages, and other content. |
write_translations | Create and update translations. |
Files & Media
Files uploaded to the merchant's Files section in admin.
| Scope | Description |
|---|---|
read_files | Read files (images, videos, documents) in the Files section. |
write_files | Upload and delete files. |
Customer Privacy & Consent
GDPR / CCPA compliance — customer consent records.
| Scope | Description |
|---|---|
read_customer_privacy | Read customer consent records (cookie, marketing, etc.). |
write_customer_privacy | Update customer consent records. |
Workflows & Automation
Shopify Flow workflows for automation.
| Scope | Description |
|---|---|
read_flow | Read Shopify Flow workflows and runs. |
write_flow | Create and update Shopify Flow workflows. |
Payments & Disputes
Payment disputes and Shopify Payments data. Many of these are read-only.
| Scope | Description |
|---|---|
read_disputes | Read chargebacks and payment disputes across providers. |
read_shopify_payments_payouts | Read Shopify Payments payout history. |
read_shopify_payments_bank_accounts | Read connected bank account details (Shopify Payments). |
read_shopify_payments_disputes | Read Shopify Payments dispute records. |
Checkout & Validations
Cart validations and checkout customization.
| Scope | Description |
|---|---|
read_validations | Read cart and checkout validation functions. |
write_validations | Create and update cart validation functions. |
read_checkout_branding_settings | Read checkout branding configuration. Requires Shopify Plus. |
write_checkout_branding_settings | Update checkout branding. Requires Shopify Plus. |
Apps
Read information about installed apps.
| Scope | Description |
|---|---|
read_apps | Read the list of apps installed on the store. |
Best practices
Request the minimum set. If you only display orders, you don’t need write_orders. Asking for write access you don’t use makes merchants suspicious and your blast radius larger.
Use read-only scopes whenever possible. Most integrations are read-heavy. Reach for read_products before write_products unless you really do need to mutate data.
Document why each scope is needed. Store an internal note next to your scope list explaining which feature uses each one. When you remove a feature, you can confidently drop the scope.
Don’t request protected scopes you don’t need. read_all_orders, read_customers for protected fields, and Shopify Payments scopes require an approval process. Skip them unless your app genuinely requires the data.
Re-test on scope changes. When you add a new scope, your existing token won’t have it. Re-run the OAuth flow with the new scope list and replace the token.
Generate a token with the right scopes
Pick your scopes from the list above, paste your Client ID and Secret, approve on Shopify, and copy your token in under a minute.
Frequently asked questions
Can I add new scopes to an existing Shopify access token?+
No. Access tokens are tied to the exact set of scopes that were approved during OAuth. To add new scopes you have to re-run the OAuth flow with the expanded scope list. The merchant will be prompted to re-approve, and you'll receive a new access token.
What happens if I request a Shopify scope that doesn't exist?+
Shopify rejects the OAuth request with an invalid_scope error before the merchant ever sees the consent screen. Double-check spelling — scope names are case-sensitive snake_case (for example read_products, not read-products or readProducts). See the OAuth errors reference for full debugging steps.
What's the difference between read_orders and read_all_orders?+
read_orders gives access to orders placed in the last 60 days. read_all_orders is a protected scope that grants access to all historical orders and requires explicit approval from Shopify before you can request it. Most apps don't need it.
Are there Shopify scopes that require approval?+
Yes. Protected scopes like read_all_orders, read_customers (for protected customer data), and certain Shopify Payments scopes require you to apply for access through your Partner Dashboard. Standard scopes like read_products, write_products, and read_orders are available immediately.
How many scopes can I request in a single Shopify access token?+
There's no hard limit, but request only what you actually need. Asking for too many scopes lowers approval rates from merchants and increases your blast radius if a token leaks. Follow the principle of least privilege.