What permissions Specter asks for on Shopify (and what it can’t see)
Before you approve a Shopify app, you should know exactly what it can touch. Shopify’s install screen lists the scopes, but the plain-English summary it shows can read broader than the actual permission set — and on a store with real customer data, “I think it’s fine” isn’t good enough. This guide spells out the precise scopes Specter requests, what each one grants, and the surfaces of your store that remain invisible to the app.
The scopes Specter requests
When you go through the OAuth flow, Shopify shows the install screen with two Admin API scopes:
- read_content — read access to articles, blogs, comments on articles, and pages
- write_content — write access to the same set: create, update, and delete articles, blogs, and pages
That’s it. Two scopes. Both scoped to the same content surface. Nothing else is requested.
These map directly to Shopify’s Article, Blog, and Page resources in the Admin API. The pair is what every legitimate blog-management app on Shopify uses, and they’re the minimum set required to do anything useful with articles.
What this actually grants
With these scopes Specter can:
- List every blog on the store. Shopify lets a store have multiple blogs (each holding its own set of articles). Specter sees all of them and represents them as folders.
- Read every article in every blog. Title, body HTML, author, handle (URL slug), tags, summary, featured image, publish status, publish date, and the SEO fields (page title and meta description).
- Create new articles in any blog.
- Update existing articles — the bread-and-butter operation. Body, handle, tags, summary, SEO fields. This is what makes bulk SEO edits possible.
- Delete articles (only when you explicitly remove a file from your sync folder and confirm the delete in the preview — Specter doesn’t trash content on its own).
- Read and write pages (your About, Contact, Shipping pages — the static content surface that lives alongside the blog).
That’s the entire blast radius. Two verbs, three resources.
What it does NOT grant
This is the more important list. With read_content and write_content, Specter has no access to:
- Orders. Not order details, not customer order history, not totals, not anything.
- Customers. No names, emails, addresses, marketing consent, or saved payment methods.
- Products. Specter can’t list products, can’t read prices, can’t change inventory, can’t update product descriptions. If you want a CTA in an article that links to a product or collection, that’s fine — the URL is public — but Specter can’t reach into the product itself.
- Inventory — quantities, locations, transfers, anything in the inventory surface.
- Payouts and financials. Specter cannot see your Shopify Payments balance, payout schedule, transactions, refunds, or chargebacks.
- Themes and Liquid templates. Specter has no ability to read or modify your store’s theme files, sections, snippets, or template logic. The article you’re editing renders inside your theme’s article template — Specter just sends the article content; the theme renders it.
- Metaobjects, metafields, navigation, redirects, files in the Files API, discount codes, gift cards, shipping zones, tax settings, staff accounts, locations, fulfilment services, or any app-data scopes.
If any of those operations were attempted, Shopify itself would reject the API call because the scope was never granted. That’s enforced at Shopify’s edge, not just by polite restraint on the app’s side.
Where the access token lives
After you approve the install, Shopify issues an access token tied to your store and the granted scopes. Specter stores that token in the macOS Keychain on your Mac.
A few specifics worth knowing:
- It does not travel through your browser URL bar. The OAuth handoff to the Specter app uses a custom URL scheme; the token itself is exchanged server-to-server.
- It is not stored on Specter’s servers. Specter’s backend mediates the OAuth dance but doesn’t keep your token after it’s been handed off to your Mac.
- It is not in plain text on disk. The Keychain is encrypted, gated by your macOS login, and not readable by other apps without your authorisation.
If you have FileVault on (you should), the token is also encrypted at rest with the rest of your disk.
How to revoke
There’s one canonical way to revoke Specter’s access to a Shopify store: uninstall the app in Shopify admin.
- Log into your Shopify admin (your-store.myshopify.com/admin).
- Go to Settings → Apps and sales channels.
- Find Specter in the list of installed apps.
- Click the · menu and choose Uninstall.
The moment you confirm, Shopify invalidates the access token. Any future API call Specter tries to make against that store will return a 401. Whatever’s already on your Mac stays on your Mac — but the live connection is dead.
If you also want to clear the local copy, open Specter, remove the store from the connected-stores list, and delete the sync folder. The Keychain entry goes with the store removal.
This is also the standard rotation flow. There’s no separate “rotate token” button on Shopify’s side. If you suspect a token has been exposed, you uninstall and then run the connection flow again — Shopify mints a fresh token at that point.
When the install screen looks different
Occasionally the Shopify install screen will list a scope you don’t recognise. That’s a red flag worth pausing on. Specter only ever requests read_content and write_content. If you see a scope that mentions orders, customers, products, or themes during a Specter install, do not approve it — back out, confirm you’re on the real setup page, and re-run the flow. If the issue persists, the connection-failed troubleshooting covers what to check.
The plain-English summary above the scope list can occasionally read broader than the scope itself (“read and write your store’s content” is technically accurate but sounds vast). The authoritative line is always the scope names. If those say read_content, write_content, that’s the entire permission grant — articles, blogs, and pages, nothing more.
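One way to turn the "authoritative line is the scope names" rule, and the grant/deny lists above, into a repeatable post-install check. This is an added example, not Specter's own code: it compares the scopes Shopify reports as granted against the two the page documents and flags any extra or missing handle. The store hostname and token in `fetch_access_scopes` are placeholders you would supply; the sample payloads are constructed to match the shape of Shopify's `access_scopes.json` response so the audit runs offline.

```python
import json
from urllib.request import Request, urlopen

# The only two scopes the page says Specter requests; anything else is a finding.
EXPECTED_SCOPES = frozenset({"read_content", "write_content"})


def fetch_access_scopes(shop: str, token: str) -> dict:
    """Query Shopify's access_scopes endpoint for the scopes tied to a token.

    `shop` is the store's myshopify.com host and `token` the Admin API access
    token issued at install (both placeholders here; the live call is optional).
    """
    req = Request(
        f"https://{shop}/admin/oauth/access_scopes.json",
        headers={"X-Shopify-Access-Token": token},
    )
    with urlopen(req, timeout=10) as resp:
        return json.load(resp)


def audit_scopes(payload: dict, expected=EXPECTED_SCOPES) -> dict:
    """Compare granted scopes with the expected set.

    Returns the granted handles, any extras beyond the documented pair (the
    "scope you don't recognise" case), any missing ones, and an `ok` flag
    that is True only on an exact match.
    """
    granted = {s["handle"] for s in payload.get("access_scopes", [])}
    extras = sorted(granted - expected)
    missing = sorted(expected - granted)
    return {
        "granted": sorted(granted),
        "extras": extras,
        "missing": missing,
        "ok": not extras and not missing,
    }


# Constructed sample responses, shaped like the real endpoint's JSON.
SAMPLE_OK = {
    "access_scopes": [{"handle": "read_content"}, {"handle": "write_content"}]
}
SAMPLE_OVERBROAD = {
    "access_scopes": [
        {"handle": "read_content"},
        {"handle": "write_content"},
        {"handle": "read_orders"},  # not on the documented list: do not approve
    ]
}

if __name__ == "__main__":
    for name, sample in (("expected", SAMPLE_OK), ("overbroad", SAMPLE_OVERBROAD)):
        print(name, audit_scopes(sample))
```

Run it against a live store by replacing the samples with `fetch_access_scopes("your-store.myshopify.com", token)`; a non-empty `extras` list means the grant is wider than this page documents.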