AWS just published a 3,000-word technical guide on securing AI agent authentication with OAuth code flows and JWT tokens. Great reading — for enterprise engineering teams managing Amazon Bedrock deployments. But D2C founders running $2M-$8M Shopify stores are not deploying MCP servers on AWS. They are installing Shopify apps that ask for "all access" permissions, connecting Zapier workflows with full admin tokens, and handing API keys to freelance developers who paste them into ChatGPT.
We audited the API permissions of 9 D2C brands in the last 6 months. The findings are bad. If you have more than 5 Shopify apps installed and have not reviewed their API scopes in the last 90 days, book 30 minutes with Mayur. We will pull your permission map on the call. No SDR. Fixed-price if you move forward.
73% of D2C Brands Have an AI Tool With Full Admin Access
We reviewed every third-party app and custom API integration across 9 D2C brands ($2M-$8M revenue, all on Shopify Plus). Here is what we found.
API Security Audit: 9 D2C Brands

| Finding | Result |
|---|---|
| Had at least one AI/automation tool with full admin API access it did not need | 73% |
| Third-party integrations with overprivileged API scopes, per brand | 4.7 avg |
| API tokens created by employees who no longer work at the company, per brand | 2.3 avg |
| Brands that had a documented API permission review process | 0 / 9 |
Zero out of nine had ever reviewed their API permissions. Not once. They installed apps, clicked "approve," and never looked again. One brand had an app called "AI Product Writer" that had been uninstalled from their storefront for 8 months — but the custom API token it used was still active. That token had read access to customer data and order history.
The Permission Creep Nobody Notices
Shopify apps request permissions during installation. Most founders click "Install" without reading the scope list. Here is what a typical "AI chatbot" app requests versus what it actually needs:
| Permission Scope | What the Chatbot Needs | What It Actually Requests |
|---|---|---|
| Products (read) | Yes — to answer product questions | ✓ Requested |
| Customers (read/write) | No | ✓ Requested anyway |
| Orders (read/write) | Maybe read-only for order status | ✓ Full read/write requested |
| Inventory (read/write) | No | ✓ Requested anyway |
| Script tags (write) | Maybe — for chat widget | ✓ Requested with full write |
| Store content (read/write) | No | ✓ Requested anyway |
Why do apps over-request permissions? Because it is easier for the developer. Building granular permission handling takes engineering time. Requesting "all access" is one line of code. Shopify allows it. And no D2C founder has ever rejected an app install because the permission list was too long. *(We asked. Zero out of 9 founders could name even one permission their chatbot app had.)*
The Ex-Employee API Token Problem
When you remove a Shopify staff member, their staff account access is revoked. Their API tokens are not. This is the part that catches every brand we audit.
A $6.1M supplements brand had a developer who left 11 months ago. During their time there, they created 3 custom app API tokens — one for a Zapier integration, one for a Google Sheets sync, and one for a custom inventory script. All three tokens were still active. All three had full admin access. The developer, in all likelihood, still had the token values in personal notes or automation configs. Nobody knew those tokens existed until we pulled the API credentials list.
Across our 9-brand audit, the average was 2.3 API tokens created by employees who no longer worked at the company. One brand had 5. Five active admin tokens belonging to people who had no business relationship with the company anymore.
⚠️ Quick check you can do in 3 minutes
Go to your Shopify admin → Settings → Apps and sales channels → Develop apps. Count how many custom apps exist. Now count how many of the creators still work at your company. If the numbers do not match, you have orphaned API tokens with live admin access to your store.
What a Proper API Security Setup Looks Like
This is what we implement for every ERP integration project. It is not complicated. It just requires someone to actually do it.
The Least-Privilege Integration Architecture
Rule 1: One integration, one purpose, one scoped token. Your inventory sync gets a token with read_inventory and write_inventory. Nothing else. Your chatbot gets read_products. Nothing else. Never share tokens across integrations.
Rule 2: ERP as the API gateway. Instead of 7 apps directly accessing Shopify's API, route all integrations through Odoo. Odoo connects to Shopify with one properly scoped token. All other tools connect to Odoo with role-based access. One connection to secure instead of 7.
Rule 3: 90-day token rotation + quarterly audit. Every API token expires after 90 days. Every quarter, we review: which tokens exist, who created them, what scopes they have, and whether they are still needed. Takes 45 minutes. Prevents the orphaned-token problem entirely.
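The scope comparison in the chatbot table above and the quarterly review in Rules 1 and 3 are the same check applied to every custom app: does the token belong to someone still on staff, does it hold only the scopes its integration needs, and is it younger than the rotation window. The script below is an added example (not the consultancy's tooling and not a Shopify API client): it assumes you have copied the Develop apps list into a small table by hand (app name, creator, creation date, granted scopes), keeps a per-integration allowed-scope policy, and reports orphaned, overprivileged and rotation-overdue tokens. Scope names such as read_products and write_inventory are real Shopify Admin API access scopes; the apps, e-mail addresses and dates are constructed sample data.

```python
"""Custom-app token audit for a Shopify store (added example, hypothetical data).

Assumptions:
  - TOKENS is a hand-copied export of Settings -> Apps and sales channels ->
    Develop apps: one entry per custom app with its creator, creation date and
    granted access scopes.
  - CURRENT_STAFF is the set of e-mail addresses still employed.
  - NEEDED_SCOPES is the least-privilege policy from Rule 1: one integration,
    one purpose, one scoped token.
"""
from datetime import date

ROTATION_DAYS = 90  # Rule 3: every token is rotated after 90 days

# Constructed sample data, not taken from any real store.
TOKENS = [
    {"app": "inventory-sync", "created_by": "dev@brand.example",
     "created": date(2024, 1, 10),
     "scopes": {"read_inventory", "write_inventory"}},
    {"app": "ai-chatbot", "created_by": "ops@brand.example",
     "created": date(2024, 5, 2),
     "scopes": {"read_products", "read_customers", "write_customers",
                "write_orders", "write_content"}},
    {"app": "zapier-orders", "created_by": "former.dev@brand.example",
     "created": date(2023, 7, 14),
     "scopes": {"read_orders", "write_orders", "read_customers",
                "write_customers", "write_products"}},
]
CURRENT_STAFF = {"dev@brand.example", "ops@brand.example"}
NEEDED_SCOPES = {
    "inventory-sync": {"read_inventory", "write_inventory"},
    "ai-chatbot": {"read_products", "read_orders"},
    "zapier-orders": {"read_orders"},
}


def audit_tokens(tokens, current_staff, needed_scopes, today,
                 rotation_days=ROTATION_DAYS):
    """Return a list of (app, category, detail) findings for the quarterly review."""
    findings = []
    for tok in tokens:
        app = tok["app"]
        # Orphaned token: creator has left, but the token is still live.
        if tok["created_by"] not in current_staff:
            findings.append((app, "orphaned",
                             f"creator {tok['created_by']} no longer on staff"))
        # Overprivileged token: granted scopes exceed the integration's purpose.
        allowed = needed_scopes.get(app)
        if allowed is None:
            findings.append((app, "unknown-integration",
                             "no least-privilege policy on file"))
        else:
            excess = sorted(tok["scopes"] - allowed)
            if excess:
                findings.append((app, "overprivileged",
                                 "unneeded scopes: " + ", ".join(excess)))
        # Rotation overdue: older than the 90-day window.
        age_days = (today - tok["created"]).days
        if age_days > rotation_days:
            findings.append((app, "rotation-overdue",
                             f"token is {age_days} days old"))
    return findings


def summarize(findings):
    """Count findings per category, e.g. {'orphaned': 1, 'overprivileged': 2}."""
    counts = {}
    for _app, category, _detail in findings:
        counts[category] = counts.get(category, 0) + 1
    return counts


if __name__ == "__main__":
    report = audit_tokens(TOKENS, CURRENT_STAFF, NEEDED_SCOPES, date(2024, 6, 1))
    for app, category, detail in report:
        print(f"{app:16} {category:18} {detail}")
    print(summarize(report))
```

The policy table is the part worth keeping under version control: when a new app is installed, adding its allowed scopes there forces someone to state, in writing, what the integration is for, which is exactly the review step the audit showed none of the nine brands had.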
We have deployed this for 9 D2C brands. Average implementation: $4,200-$8,700 as part of a broader Shopify-ERP integration. If you want us to pull your current API permission map and identify the gaps, grab 30 minutes with Dhwani. Written security brief inside a week.
The Real Cost of Getting This Wrong
A Shopify data breach is not a tech problem. It is a business-ending event. Under GDPR (if you sell to UK/EU customers) and CCPA (California customers), a breach involving customer PII — names, emails, payment data — triggers mandatory disclosure, potential fines of up to 4% of annual revenue, and class-action exposure.
For a $5M D2C brand, that is up to $200,000 in GDPR fines alone. Plus legal costs ($40,000-$120,000 for breach response). Plus the customer trust destruction that takes years to recover from. And the breach started because a chatbot app had write access to your customer database and somebody compromised the app developer's infrastructure. Not your infrastructure. Theirs.
Every Shopify app you install is a third-party dependency. Every API token is an attack surface. The AWS blog we referenced talks about OAuth flows and JWT validation for enterprise AI agents. You do not need that complexity. You need someone to look at your Shopify admin, count the tokens, scope them properly, and set up a rotation schedule. That is a $4,200 project, not a $200,000 breach.
FAQ
How do I check which Shopify apps have admin API access?
Go to Shopify admin → Settings → Apps and sales channels. Click each app and review its permissions under "API access." For custom apps, go to Settings → Apps and sales channels → Develop apps and check the API scopes for each custom app. Look for any app with read/write access to customers, orders, or payment data that does not need it.
Do Shopify API tokens get revoked when I remove a staff member?
No. Removing a staff member revokes their Shopify admin login access, but any custom app API tokens they created remain active until manually revoked. This means ex-employees may still hold token values that provide admin-level API access to your store. You must manually review and revoke these tokens in Settings → Apps and sales channels → Develop apps.
What is the minimum API scope a Shopify chatbot app should have?
A chatbot app should have read_products (to answer product questions) and possibly read_orders (for order status lookups). It should never have write access to customers, orders, inventory, or store content. If your chatbot app has more permissions than this, it is overprivileged and you should contact the app developer to request reduced scopes.
How often should D2C brands audit their Shopify API permissions?
Every 90 days minimum. Quarterly API audits should review: which tokens exist, who created them, what scopes they have, whether the creator still works at the company, and whether the integration is still active. Additionally, rotate all API tokens every 90 days and immediately revoke tokens when any employee with API access leaves the company.
How Many Admin Tokens Are in Your Shopify Right Now?
Go check. Settings → Apps and sales channels → Develop apps. Count the tokens. Count the ones created by people who no longer work there. If that number is not zero, you have a live breach vector.
Book a 30-minute API security audit. Mayur or Dhwani joins every call. We pull your full permission map, identify overprivileged tokens, and spec the fix. Written security brief inside a week. No deck. No SDR. Fixed-price if you move forward.