All Shopify apps require different permissions to work, and POPSMASH is no different. The permissions requested are based on what the app does.
Here we'll explain which Shopify app permissions POPSMASH uses and why.
POPSMASH Shopify App Permissions
First, sometimes Shopify permissions are grouped together, so here's context on what they are and how we use them:
Customer information: The ability to read/write customer information as they opt-in to marketing (e.g. join your email list).
Store owner information: Default information Shopify shares with every app to serve the merchant.
Content provider information: This comes as part of read_content, which we use, but is specifically for blog posts/comments, which we don't use. It's grouped with read_content.
If you want to learn more, you can find more details on the above here: https://help.shopify.com/en/manual/apps/app-personal-information
Here are the limited scopes that POPSMASH requests and how they are used:
read_content (website pages)
read_customers (check if the customer exists)
read_orders (revenue attribution)
read_price_rules (discount codes)
read_products (product recommendations)
read_script_tags (revenue attribution & embed codes for 1.0 themes)
unauthenticated_read_product_listings (get best-selling products)
unauthenticated_read_product_tags (product health scans)
write_customers (sync opt-ins to Shopify)
write_script_tags (revenue attribution& embed codes for 1.0 themes)
Here is the reference for the above scopes: https://shopify.dev/docs/api/usage/access-scopes
If you have any other questions about the permissions and scopes our app uses, just contact our support team!