Shopify: Add new development stores without permission

Details A staff member who only has permission to add and remove managed stores can also create development stores. It appears proper permission checks are not performed when /organizationID/stores/signupobject/devstore endpoint is queried, as long as a staff member has store access, a token is...

Shopify: Ability to see password protected content by bypassing the password page of shopify preview URL for new development stores (as of August 17, 2020)

Hi, Description I have found a way to bypass the password page of a shopify preview URL for new development stores created as of August 17, 2020. Currenty, with older development stores, when we share a preview url with someone, we are able to see the content of the store without having to enter ...

Shopify: Removed staff members who had "Manage shops" permission can still create development stores

Details: It's been found that staff members of an organization in partners.shopify.com can have a permission to manage shops and those with that permission can create development stores that will be associated with the organization. When a staff member tries to create a development store, a POST...