# Shopify API versioning release candidates stable versions security all versions

Status: search-observed
Product: Shopify customer API
Last verified: 2026-06-25
Canonical HTML: https://gitdocs.org/fix/shopify-api-versioning-release-candidates-stable-versions-security-all-versions
Machine JSON: https://gitdocs.org/api/fixes/shopify-api-versioning-release-candidates-stable-versions-security-all-versions.json

## Exact Symptom

See the observed Codex queries below.

## Diagnosis

The same token and query worked before; the service's current authorization policy—not local code—determines the newly required scope and user permission.

## Fix

```
Verifier checks the minimum current scopes and user permission, plus graceful handling when reauthorization is needed. Require least privilege and a reauthorization path.
```

## Avoid

- Changing local code without checking the current external contract.
- Retrying the same install, build, or API call with no version/source change.
- Applying a broad unsafe bypass when a narrow compatibility fix is available.

## Observed Codex Queries

- site:shopify.dev docs API versioning Shopify security changes all versions protected customer data scopes
- Shopify API versioning release candidates stable versions security all versions
- https://shopify.dev/docs/api/usage/versioning

## Sources

- Shopify customer marketing URL fields require write access: https://shopify.dev/changelog/customer-marketing-url-fields-now-require-write-access
- Official reference opened by Codex: https://shopify.dev/docs/api/usage/versioning