Access scope
Before utilizing the REST API to access data from Genstore shops, all apps must declare the required access scopes and receive authorization from merchants. This document outlines the procedures for declaring and specifying appropriate access scopes.
Overview
Apps need to specify the scope of access needed for various business domains. Access is granted only after these scopes have been declared and authorized by the merchant. Below are the defined access scopes:
Access scope | Method | Description |
---|---|---|
Business Domain | By Declaration | Controls access to specific business domain data. Apps can access relevant REST APIs only after declaration and authorization. By default, the order domain returns only the last 60 days of order data and filters all protected fields. |
All Order Data | Approval Required | Access to complete order data, including data older than 60 days, requires submitting a request and obtaining approval through the partner platform. |
Protected Fields | Approval Required | Access to sensitive data (such as names and email addresses) requires submitting a request and obtaining approval through the partner platform. |
Business domain
During the app development phase, developers must declare which business domains their app needs access to. The following table outlines the available access scopes:
TIP
Select access scopes judiciously based on app needs. Excessive permissions can deter merchants from installing and using the app.
Scope | Permissions | Description |
---|---|---|
read_all_orders | Read-only | Can query all orders, including orders from more than 60 days ago. Requires app approval in the Partner Platform Console. |
read_orders | Read-only | Can query orders from the last 60 days. To query orders older than 60 days, additional read_all_orders permission is required. |
write_orders | Read-write | Can manage orders, including create, update, delete, and query operations. To query orders older than 60 days, additional read_all_orders permission is required. |
read_products | Read-only | Can query all product information. |
write_products | Read-write | Can manage products, including create, update, delete, and query operations. |
read_shops | Read-only | Can query store data. |
write_shops | Read-write | Can manage store data. |
read_refunds | Read-only | Can query refund orders. |
write_refunds | Read-write | Can manage refund orders. |
read_customers | Read-only | Can query customer information. Querying privacy-protected fields requires app approval in the Partner Platform Console. |
write_customers | Read-write | Can manage customers, including create, update, delete, and query operations. |
read_discounts | Read-only | Can query discount information. |
write_discounts | Read-write | Can manage discounts. |
read_gift_card | Read-only | Can query gift card information. |
write_gift_card | Read-write | Can manage gift cards. |
read_apps | Read-only | Can query app information, including authorization scopes, message subscription information, and app details. |
write_apps | Read-write | Can manage apps, including authorization scopes, message subscription information, and app details. |
read_fulfillments | Read-only | Can query order fulfillment information. |
write_fulfillments | Read-write | Can manage order fulfillment. |
read_market | Read-only | Can query market information. |
write_market | Read-write | Can manage market information. |
read_finance_account | Read-only | Can query finance account information. |
write_finance_account | Read-write | Can manage finance accounts. |
read_payments_transaction | Read-only | Can query payment transaction orders. |
write_payments_transaction | Read-write | Can manage payment transaction orders. |
… | … | … |
Order data
By default, the REST API provides access only to the most recent 60 days of order data. Accessing older order data requires requesting "Read All Order Data" access and obtaining approval from the platform.
Apply for complete order data access
- Go to the partner platform's app console:
- Click API access permissions -> Data access request -> Read all orders data, then click the Request access button.
- Complete the access request form, providing a rationale for your app, and submit the form for review.
Protected fields
Protecting merchant and customer privacy is paramount when accessing sensitive information. Approval from the platform is required to access protected fields.
TIP
These restrictions apply primarily to merchant stores. During app development, you can simply submit a request to access protected fields for test stores; no prior approval is needed.
Protected fields
Protected fields include:
- Name: First name, last name, and full name.
- Email: User's email address.
- Phone: User's phone number.
- Address: User's address.
Apply for protected fields access
- Go to the partner platform's app console:
- Click API access permissions -> Data access request -> Protected customer data, then click the Request access button.
- Complete the access request form, providing a rationale for your app, and submit the form for review.
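The scope table and the order-data and protected-field rules above can be turned into a pre-submission check. The following is an added example, not Genstore code: it compares the scopes an app declares with the operations it actually performs and reports missing scopes, excess scopes, and which requests need platform approval. The `needs` format and function names are hypothetical.

```python
# Added example: scope names and rules are from this page; the "needs"
# format and the function names are hypothetical.
WRITE_INCLUDES_QUERY = {"orders", "products", "customers"}  # per the table
ALL_ORDERS = "read_all_orders"         # approval required
PROTECTED = "Protected customer data"  # approval required

def required_scopes(needs):
    """Map a list of need dicts to (scopes to declare, approvals to request)."""
    scopes, approvals = set(), set()
    writes = {n["domain"] for n in needs if n["action"] == "write"}
    for n in needs:
        domain, action = n["domain"], n["action"]
        if action == "write":
            scopes.add(f"write_{domain}")
        elif not (domain in writes and domain in WRITE_INCLUDES_QUERY):
            scopes.add(f"read_{domain}")
        # The page calls read_all_orders an "additional" permission, so it is
        # declared alongside read_orders / write_orders, not instead of them.
        if domain == "orders" and n.get("older_than_60_days"):
            scopes.add(ALL_ORDERS)
            approvals.add(ALL_ORDERS)
        if n.get("protected_fields"):
            approvals.add(PROTECTED)
    return scopes, approvals

def audit(declared, needs):
    """Compare declared scopes with what the app's operations actually need."""
    scopes, approvals = required_scopes(needs)
    declared = set(declared)
    return {
        "missing": sorted(scopes - declared),
        "excess": sorted(declared - scopes),
        "needs_approval": sorted(approvals),
    }

# Constructed sample: an app that reads old orders, edits products and
# reads customer e-mail addresses, but declared more than it uses.
SAMPLE_NEEDS = [
    {"domain": "orders", "action": "read", "older_than_60_days": True},
    {"domain": "products", "action": "write"},
    {"domain": "products", "action": "read"},
    {"domain": "customers", "action": "read", "protected_fields": True},
]
SAMPLE_DECLARED = ["read_orders", "write_orders", "write_products",
                   "read_products", "read_customers", "write_customers"]

if __name__ == "__main__":
    print(audit(SAMPLE_DECLARED, SAMPLE_NEEDS))
```

Anything listed under `excess` is a permission the merchant is asked to grant without the app using it, and is a candidate for removal before submission.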