Shopify
Version
This integration utilizes the Shopify REST Admin API 2024-01.
Base URL
The base URL used for all Shopify API endpoints contains the shop name: https://shopname.myshopify.com/admin/api/2024-01
Authentication & Authorization
The DataGrail Shopify integration connects using OAuth 2.0 with the following credentials: Client ID and Client Secret.
Scopes
The Shopify integration requires specific scopes that must be granted in order to function for a given capability.
Scope | Base | Access | Deletion | Data Discovery |
---|---|---|---|---|
read_customers | ✅ | ✅ | ||
read_orders | ✅ | ✅ | ||
read_all_orders | ✅ | ✅ | ||
read_checkouts | ✅ | ✅ | ||
read_content | ✅ | ✅ | ||
read_assigned_fulfillment_orders | ✅ | |||
write_customers | ✅ | |||
write_orders | ✅ | |||
write_customer_data_erasure | ✅ |
Endpoints Utilized
DataGrail uses the following endpoints to authorize and test the connection:
Limits
Limits in Shopify are calculated using the leaky bucket algorithm. All requests that are made after rate limits have been exceeded are throttled and an HTTP 429 Too Many Requests error is returned.
Requests succeed again after enough requests have emptied out of the bucket.
- DataGrail supports request throttling to stay within 70-80% of specified service rate limits.
- When an API response returns HTTP 429 status, DataGrail interrupts requests, waits, and retries using an exponential backoff strategy.
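An added example (not DataGrail's or Shopify's code) of the two behaviours listed above: a client-side leaky bucket held at 75% of the service limit, and exponential backoff on HTTP 429. The capacity, leak rate, backoff base and the `send` callable are assumptions chosen for illustration.

```python
import time


class LeakyBucketThrottle:
    """Client-side mirror of a server leaky bucket, capped at a target fraction."""

    def __init__(self, capacity, leak_per_sec, target=0.75, clock=time.monotonic):
        self.limit = capacity * target  # stay at 70-80% of the real limit
        self.leak_per_sec = leak_per_sec
        self.clock = clock
        self.level = 0.0
        self.last = clock()

    def _drain(self):
        # Requests leak out of the bucket at a constant rate over time.
        now = self.clock()
        self.level = max(0.0, self.level - (now - self.last) * self.leak_per_sec)
        self.last = now

    def wait_time(self):
        """Seconds to wait before one more request fits under the target level."""
        self._drain()
        overflow = self.level + 1 - self.limit
        return max(0.0, overflow / self.leak_per_sec)

    def record(self):
        """Account for one request that is about to be sent."""
        self._drain()
        self.level += 1


def call_with_backoff(send, throttle, sleep=time.sleep, max_retries=5, base=1.0):
    """Call send() under the throttle; on HTTP 429 wait base * 2**attempt, retry.

    send is a hypothetical callable returning (status_code, body).
    """
    for attempt in range(max_retries + 1):
        delay = throttle.wait_time()
        if delay > 0:
            sleep(delay)
        throttle.record()
        status, body = send()
        if status != 429:
            return status, body
        if attempt < max_retries:
            sleep(base * 2 ** attempt)
    raise RuntimeError("still throttled after %d retries" % max_retries)
```

Injecting `clock` and `sleep` lets the pacing be checked deterministically without real waiting.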
Capabilities
Access
DataGrail's Shopify integration provides Synchronous Access capabilities for the following supported identifier category: Email.
Data Interactions
For Access requests, DataGrail will take the following actions:
- Search for Customers by the Data Subject email.
- If a match is found, DataGrail will extract all objects related to the customer, including the following:
Match Found
- Orders
- Refunds
- Transactions
- Order Risks
- Fulfillments
- Fulfillment Events
- Fulfillment Orders
- Blog Comments
Endpoints Utilized
Deletion
DataGrail's Shopify integration provides Asynchronous (Whole Record) Deletion capabilities for the following supported identifier category: Email.
Data Interactions
For Deletion requests, DataGrail will take the following actions:
Attempt to delete customer profiles:
- Search for Customers by the Data Subject email address.
- If a match is found, DataGrail will fetch all Orders associated with the customer.
- Update all retrieved orders:
  - DataGrail updates orders to anonymize them, so they are no longer related to the customer.
  - Your orders will remain in Shopify without affecting your reporting, and remain available for tax, audit, or any other legal requirements related to your company and/or industry.
- Delete the customer profile.
Shopify Customer Profile Deletion Restrictions
Shopify will not allow Customer Profiles to be deleted if any of the following conditions are met, in case a chargeback occurs:
- The customer has an order history.
- The customer has pending redaction because of a GDPR erasure request.
- The customer has an active subscription now, or if the customer ever had a subscription in the past.
- The customer is the recipient of a scheduled gift card that hasn't been delivered yet.
If customer profile deletion fails, initiate a GDPR Erasure Request:
- Check that DataGrail has the write_customer_data_erasure scope. If this scope is not granted, deletion will be marked as failed.
- Enqueue a request to erase customer data.
Review the Shopify Connection Guide for additional configuration options for processing GDPR Erasure Requests.
Endpoints Utilized
Data Discovery
DataGrail's Shopify integration provides data discovery capabilities based on the principle of finding any and all personal data that's stored in a data system.
Data Interactions
For discovery requests, DataGrail will take the following actions:
- Count the number of records for each of the supported objects.
- Fetch example records for each of the supported objects.
Supported Objects
- Customers
- Orders
- Checkouts
- TenderTransactions
- Additional objects associated with customers and orders
- Sample data for subsequent analysis and classification.
Endpoints Utilized
Disclaimer: The information contained in this message does not constitute legal advice. We would advise seeking professional counsel before acting on or interpreting any material.