Shopify

This documentation for the Shopify integration describes the technical capabilities of this integration, including authorization, scopes/permissions, and utilized endpoints. For more information on how to integrate Shopify, visit our connection instructions.

Version

This integration utilizes the Shopify REST Admin API 2024-01.

Base URL

The base URL used for all Shopify API endpoints contains the shop name:
https://shopname.myshopify.com/admin/api/2024-01

Authentication & Authorization

The DataGrail Shopify integration connects using OAuth 2.0 with the following credentials: Client ID and Client Secret.

Sensitive Credentials
Publicly exposing your API credentials can allow unauthorized access to Shopify API endpoints by a third party. DataGrail stores your API credentials encrypted and protected.

Scopes

The Shopify integration requires specific scopes that must be granted in order to function for a given capability.

Scope | Base | Access | Deletion | Data Discovery
read_customers
read_orders
read_all_orders
read_checkouts
read_content
read_assigned_fulfillment_orders
write_customers
write_orders
write_customer_data_erasure

Base Scopes
All base scopes must be granted in order to connect the integration with DataGrail. The remaining scopes are only required when enabling the corresponding capabilities.

Endpoints Utilized

DataGrail uses the following endpoints to authorize and test the connection:


Limits

Limits in Shopify are calculated using the leaky bucket algorithm. All requests that are made after rate limits have been exceeded are throttled and an HTTP 429 Too Many Requests error is returned. Requests succeed again after enough requests have emptied out of the bucket.

  • DataGrail supports request throttling to stay within 70-80% of specified service rate limits.
  • When an API response returns an HTTP 429 status, DataGrail interrupts its requests, waits, and retries using an exponential backoff strategy.
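
The two behaviors above, pacing below the limit and exponential backoff after a 429, shown as an added simulation (not DataGrail's or Shopify's code). The bucket size of 40, the leak rate of 2 requests per second, the 75% target and the 1-second base delay are assumed sample values, and time is simulated so the script runs instantly.

```python
class FakeClock:
    now = 0.0  # simulated seconds, so nothing really sleeps
    def sleep(self, seconds):
        self.now += seconds

class Bucket:
    """Leaky bucket: each request adds one unit, units leak at a fixed rate."""
    def __init__(self, clock, capacity=40, leak_per_s=2.0):  # assumed sample limits
        self.clock, self.capacity, self.leak = clock, capacity, leak_per_s
        self.fill, self.last = 0.0, clock.now

    def level(self):
        elapsed = self.clock.now - self.last
        self.fill = max(0.0, self.fill - elapsed * self.leak)
        self.last = self.clock.now
        return self.fill

    def try_add(self):
        if self.level() + 1 > self.capacity:
            return 429  # bucket full: Too Many Requests
        self.fill += 1
        return 200

def send_all(server, clock, n, target=0.75, base_delay=1.0, max_retries=6):
    """Send n requests. target=None disables pacing and relies on backoff only."""
    model = Bucket(clock, server.capacity, server.leak)  # client-side estimate
    stats = {"ok": 0, "throttled": 0, "failed": 0, "peak": 0.0}
    for _ in range(n):
        excess = 0 if target is None else model.level() + 1 - target * model.capacity
        if excess > 0:
            clock.sleep(excess / model.leak)  # wait until there is headroom
        for attempt in range(max_retries + 1):
            if server.try_add() == 200:
                model.try_add()  # keep the estimate in step with the server
                stats["ok"] += 1
                break
            stats["throttled"] += 1
            clock.sleep(base_delay * 2 ** attempt)  # 1s, 2s, 4s, ...
        else:
            stats["failed"] += 1  # retries exhausted
        stats["peak"] = max(stats["peak"], server.level())
    return stats

def run(target, n=60):
    clock = FakeClock()
    return send_all(Bucket(clock), clock, n, target=target)

if __name__ == "__main__":
    print("paced at 75%:", run(0.75), "| backoff only:", run(None))
```

With pacing the bucket never fills and no request is rejected; with backoff alone the same 60 requests all succeed, but only after repeated 429 responses.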

Capabilities

Access

DataGrail's Shopify integration provides Synchronous Access capabilities for the following supported identifier category: Email.

Data Interactions

For Access requests, DataGrail will take the following actions:

  1. Search for Customers by the Data Subject email.
  2. If a match is found, DataGrail will extract all objects related to the customer, including the following:
    • Orders
    • Refunds
    • Transactions
    • Order Risks
    • Fulfillments
    • Fulfillment Events
    • Fulfillment Orders
    • Blog Comments

Endpoints Utilized

Method | Endpoint | Purpose
GET | /blogs.json | Retrieve a list of blogs
GET | /checkouts.json | Retrieve a list of checkouts
GET | /checkouts/{checkout_id}/payments.json | Retrieves a single payment
GET | /comments.json | Retrieves a list of comments
GET | /customers/search.json | Search for Customers
GET | /orders.json | Retrieve a list of orders
GET | /orders/{order_id}/fulfillment_orders.json | Retrieves a list of fulfillment orders for a specific order
GET | /orders/{order_id}/fulfillments.json | Retrieves fulfillments associated with an order
GET | /orders/{order_id}/fulfillments/{fulfillment_id}/events.json | Retrieves a list of fulfillment events for a specific fulfillment
GET | /orders/{order_id}/risks.json | Retrieves a list of all order risks for an order
GET | /orders/{order_id}/transactions.json | Retrieves a list of transactions

Deletion

DataGrail's Shopify integration provides Asynchronous (Whole Record) Deletion capabilities for the following supported identifier category: Email.

Data Interactions

For Deletion requests, DataGrail will take the following actions:

Attempt to delete customer profiles:

  1. Search for Customers by the Data Subject email address.
  2. If a match is found, DataGrail will fetch all Orders associated with the customer.
  3. Update all retrieved orders:
    • DataGrail anonymizes the orders so that they are no longer related to the customer.
    • Your orders remain in Shopify, so your reporting is unaffected and the orders stay available for tax, audit, or any other legal requirements related to your company and/or industry.
  4. Delete the customer profile.

Shopify Customer Profile Deletion Restrictions

Shopify will not allow Customer Profiles to be deleted if any of the following conditions are met, in case a chargeback occurs:

  • The customer has an order history.
  • The customer has pending redaction because of a GDPR erasure request.
  • The customer has an active subscription now or has ever had a subscription in the past.
  • The customer is the recipient of a scheduled gift card that hasn't been delivered yet.

If customer profile deletion fails, initiate a GDPR Erasure Request:

  1. Check that DataGrail has the write_customer_data_erasure scope. If this scope is not granted, deletion will be marked as failed.
  2. Enqueue a request to erase customer data.

Shopify Deletion Behavior Options

Review the Shopify Connection Guide for additional configuration options for processing GDPR Erasure Requests.

Endpoints Utilized

Method | Endpoint | Purpose
GET | /customers/{customer_id}.json | Retrieves a single customer
DELETE | /customers/{customer_id}.json | Deletes a customer
GET | /customers/search.json | Search for Customers
POST | /graphql.json | Submit an Erasure Request
GET | /orders.json | Retrieve a list of orders
PUT | /orders/{order_id}.json | Update an order
GET | https://shopname.myshopify.com/admin/oauth/access_scopes.json | Access scopes granted to the app on this store
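
An added example (not DataGrail's code) of checking a store's granted scopes against the scope list on this page before relying on the erasure fallback, run here on a constructed access_scopes.json response body. It assumes the response lists each scope as an object with a "handle" field and that a granted write_ scope also covers the matching read_ scope; the helper names are hypothetical.

```python
import json

# Scopes this page lists for the integration.
DOCUMENTED = {
    "read_customers", "read_orders", "read_all_orders", "read_checkouts",
    "read_content", "read_assigned_fulfillment_orders",
    "write_customers", "write_orders", "write_customer_data_erasure",
}
ERASURE = "write_customer_data_erasure"

def sample_body(handles):
    """Build a constructed body in the assumed access_scopes.json shape."""
    return json.dumps({"access_scopes": [{"handle": h} for h in handles]})

# Constructed grant: no erasure scope, plus one scope the page does not list.
SAMPLE_BODY = sample_body([
    "write_customers", "write_orders", "read_all_orders", "read_checkouts",
    "read_content", "read_assigned_fulfillment_orders", "write_products",
])

def with_implied_reads(handles):
    """Assumption: a granted write_x scope also covers read_x."""
    implied = {"read_" + h[len("write_"):] for h in handles if h.startswith("write_")}
    return set(handles) | implied

def audit(body):
    """Compare the granted scopes in a response body with the documented list."""
    granted = {s["handle"] for s in json.loads(body)["access_scopes"]}
    return {
        # Documented scopes the grant does not cover, even via an implied read.
        "missing": sorted(DOCUMENTED - with_implied_reads(granted)),
        # Scopes granted beyond what the page documents (least-privilege review).
        "unexpected": sorted(granted - DOCUMENTED),
        # Without this scope the erasure fallback is marked as failed.
        "erasure_fallback_possible": ERASURE in granted,
    }

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_BODY), indent=2))
```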

Data Discovery

DataGrail's Shopify integration provides data discovery capabilities based on the principle of finding any and all personal data that's stored in a data system.

Data Interactions

For discovery requests, DataGrail will take the following actions:

  1. Count the number of records for each of the supported objects.
  2. Fetch example records for each of the supported objects.
     Supported Objects
    • Customers
    • Orders
    • Checkouts
    • TenderTransactions
    • Additional objects associated with customers and orders
  3. Sample data for subsequent analysis and classification.

Endpoints Utilized

Method | Endpoint | Purpose
GET | /checkouts.json | Retrieve a list of checkouts
GET | /checkouts/count.json | Retrieve a list of checkouts
GET | /customers.json | Retrieve a list of customers
GET | /customers/{customer_id}/metafields.json | Retrieve a customer's metafields
GET | /customers/count.json | Retrieves a count of all customers.
GET | /orders.json | Retrieve a list of orders
GET | /orders/{order_id}/metafields.json | Retrieve an order's metafields
GET | /orders/{order_id}/transactions.json | Retrieve a transaction's metafields
GET | /orders/count.json | Retrieve a list of orders
GET | /tendertransactions.json | Retrieve a list of tender transactions

Need help?
If you have any questions, please reach out to your dedicated CSM or contact us at support@datagrail.io.

Disclaimer: The information contained in this message does not constitute legal advice. We would advise seeking professional counsel before acting on or interpreting any material.