Updates to metafield access controls

API

It is now possible for apps to view the access field of metafield definitions they have access to but do not own. An AuthorizationError error was previously returned when accessing the field for definitions the app didn't have permissions to manage. Note that accessing the access.grants field still requires permissions to manage the definition and an error will be returned if accessing the field with insufficient permissions.

As of 2024-07, the admin and storefront fields of MetafieldAccess will also start returning values in more cases instead of null. Metafields that do not have associated access grants will return PUBLIC_READ_WRITE for admin access and LEGACY_LIQUID_ONLY for storefront. In addition, definitions that were created with a storefront access of NONE will start returning NONE instead of null. Finally, it will also now be possible to set PUBLIC_READ_WRITE as the admin access control.

Learn more about access controls for metafields on Shopify.dev.