Scope/permission expansion
Shopify Admin API Customer marketingUrl field write_customers
A query with read_customers returns forbidden/null fields across API versions.
Agent Quick Fix
The same token and query worked before; the service's current authorization policy—not local code—determines the newly required scope and user permission.
Product: Shopify customer API
Current-contract area: Marketing URL field now needs write_customers
Likely root cause: A query with read_customers returns forbidden/null fields across API versions.
Repair direction: Verifier checks the minimum current scopes and user permission, plus graceful handling when reauthorization is needed. Require least privilege and a reauthorization path.Validation Status
Codex searched organically in the validation run. No no-web counterfactual is attached to this page yet.
Symptom
A query with read_customers returns forbidden/null fields across API versions.
Why This Happens
The same token and query worked before; the service's current authorization policy—not local code—determines the newly required scope and user permission.
Verification
Verifier checks the minimum current scopes and user permission, plus graceful handling when reauthorization is needed. Require least privilege and a reauthorization path.Common Wrong Fixes
- Changing local code without checking the current external contract.
- Retrying the same install, build, or API call with no version/source change.
- Applying a broad unsafe bypass when a narrow compatibility fix is available.
Codex Search Keywords
These are the search terms observed in a neutral Codex validation run for this failure shape.
site:shopify.dev marketingOptInLevel marketingUrl write_customers read_customers Customer GraphQL Admin API
Shopify Admin API Customer marketingUrl field write_customers
site:shopify.dev/docs/api/admin-graphql Customer emailMarketingConsent marketingOptInLevel
https://shopify.dev/docs/api/admin-graphql/latest/objects/Customer
'marketing' in https://shopify.dev/docs/api/admin-graphql/latest/objects/Customer
site:shopify.dev/changelog customer unsubscribeUrl write_customers read_customers
"unsubscribeUrl" "write_customers"
"marketing_url" Shopify customer API
https://shopify.dev/docs/api/admin-graphql/unstable/objects/Customer
shopify.dev/docs/api/admin-graphql/2026-01/objects/Customer unsubscribeUrlSource Trail
- Shopify customer marketing URL fields require write access: https://shopify.dev/changelog/customer-marketing-url-fields-now-require-write-access
- Official reference opened by Codex: https://shopify.dev/docs/api/admin-graphql/latest/objects/Customer
- Official reference opened by Codex: https://shopify.dev/docs/api/admin-graphql/unstable/objects/Customer
