Agent Access
Grants and scopes
Use the lowest useful grant, make expiry deliberate, and keep hard boundaries around billing, secrets, raw event data, and grant management.
Choose the lowest useful grant
Scope the grant to the task, endpoint, and time window the agent needs. Use expiry and revocation as normal controls, not exceptional cleanup.
Authority tiers
Use these as customer-facing examples of grant shape. Exact scope identifiers belong in the Agent Operations API contract. Higher authority does not remove published plan usage limits.
| Tier | Allows | Does not allow |
|---|---|---|
| Observer | Read docs, manifest, setup summaries, event history, receipts, and redacted diagnostics state. | Replay, sharing diagnostics, endpoint edits, secret rotation, billing, or grant changes. |
| Operator | Complete setup, create or edit endpoint setup, prepare endpoint tests, and submit structured support or expansion requests. | Replay, diagnostics share creation, secret rotation, endpoint delete, billing, or grant changes. |
| Recovery Operator | Use Operator access plus replay preview/execute, diagnostics preview/create, and secret rotation through approved action previews. | Self-escalation, endpoint delete, broad Shopify authority, billing approval, grant changes, or raw secret access. |
| Admin Assistant | Use Recovery Operator access plus permanent delete for archived endpoints and the shipped Agent Operations scopes for this store. | Shopify billing approval, app install/uninstall, Shopify staff changes, grant self-escalation, Shopify Flow edits without separate authorization, or raw event-body/secret bypass. |
Audit
Sensitive reads, action previews, confirmations, replays, diagnostics shares, endpoint edits, and secret rotations leave audit context that preserves human or authorized-agent attribution.
Usage is separate from authority
A grant may authorize an operation and still be refused when a published usage limit is reached. Ask agents to inspect /agent/v1/plan-usage before high-volume work and to reduce unnecessary reads or previews when a meter is near its limit.
Operating rules
Use these controls to keep agent access scoped and reversible.
1. Identify the job the agent is allowed to perform, such as setup inspection, event investigation, or recovery preparation.
2. Choose the lowest authority tier and scopes that cover that job.
3. Remember that authority controls what an agent may do; usage limits still control how much automated work can run in the plan period.
4. Use a bounded expiry unless the merchant explicitly accepts the risk of longer access.
5. Revoke the grant when the work is finished or when the partner no longer needs access.
6. Review audit entries for sensitive reads, action previews, confirmations, replays, and diagnostics shares.
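The following is an added example, not FlowRelay code, that models the tier table, the "usage is separate from authority" rule, and the operating rules above as one policy check: a grant carries a tier and a bounded expiry, authority is decided from the tier, and a separate plan-usage check can still refuse an authorized action. The action identifiers, meter names, the `PlanUsage` stand-in for a `/agent/v1/plan-usage` response, and the audit record format are all assumptions made for this example; real scope identifiers belong to the Agent Operations API contract.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

TIER_ORDER = ["observer", "operator", "recovery_operator", "admin_assistant"]

# Actions introduced at each tier, following the page's tier table. The action
# names are constructed for this example, not FlowRelay's real scope ids.
TIER_ACTIONS = {
    "observer": {"read_docs", "read_manifest", "read_setup_summary", "read_events",
                 "read_receipts", "read_diagnostics_redacted"},
    "operator": {"complete_setup", "create_endpoint", "edit_endpoint",
                 "prepare_endpoint_test", "submit_request"},
    "recovery_operator": {"replay_preview", "replay_execute", "diagnostics_preview",
                          "diagnostics_create", "rotate_secret"},
    "admin_assistant": {"delete_archived_endpoint"},
}
# Hard boundaries: no tier on the page grants these to an agent.
NEVER_DELEGATED = {"billing_approve", "grant_change", "raw_secret_read", "raw_event_body_read"}
# Operations whose outcome must leave audit context (Audit section).
SENSITIVE = {"read_events", "read_diagnostics_redacted", "edit_endpoint", "replay_preview",
             "replay_execute", "diagnostics_preview", "diagnostics_create",
             "rotate_secret", "delete_archived_endpoint"}
# Which plan meter an action consumes (assumed mapping).
ACTION_METER = {"read_events": "reads", "read_receipts": "reads", "replay_preview": "previews",
                "diagnostics_preview": "previews", "replay_execute": "replays"}


def allowed_actions(tier):
    """Each tier includes everything the lower tiers allow ('Use Operator access plus ...')."""
    if tier not in TIER_ORDER:
        raise ValueError(f"unknown tier {tier!r}")
    acts = set()
    for t in TIER_ORDER[: TIER_ORDER.index(tier) + 1]:
        acts |= TIER_ACTIONS[t]
    return acts


def lowest_tier_for(job_actions):
    """Operating rule 2: the lowest tier whose action set covers the whole job, or None."""
    for t in TIER_ORDER:
        if set(job_actions) <= allowed_actions(t):
            return t
    return None


@dataclass
class Grant:
    grant_id: str
    principal: str          # human or agent identity kept for attribution
    tier: str
    expires_at: datetime    # bounded expiry (operating rule 4)
    revoked: bool = False   # set when the work is finished (operating rule 5)


@dataclass
class PlanUsage:
    """Constructed stand-in for a /agent/v1/plan-usage response: meter -> [used, limit]."""
    meters: dict

    def near_limit(self, threshold=0.9):
        """Meters an agent should treat as nearly exhausted before high-volume work."""
        return [m for m, (used, limit) in self.meters.items() if limit and used / limit >= threshold]


def authorize(grant, action, usage, now, audit_log):
    """Return (decision, reason): 'deny' is an authority failure, 'refuse' a usage
    limit that applies even though the grant authorizes the action."""
    if grant.revoked:
        decision, reason = "deny", "grant revoked"
    elif now >= grant.expires_at:
        decision, reason = "deny", "grant expired"
    elif action in NEVER_DELEGATED or action not in allowed_actions(grant.tier):
        decision, reason = "deny", f"tier {grant.tier} does not allow {action}"
    else:
        meter = ACTION_METER.get(action)
        if meter and usage.meters[meter][0] >= usage.meters[meter][1]:
            decision, reason = "refuse", f"usage limit reached for meter {meter}"
        else:
            if meter:
                usage.meters[meter][0] += 1  # consume the meter on success
            decision, reason = "allow", "ok"
    # Design choice for this example: sensitive operations and every non-allow
    # outcome are recorded with the grant and principal for attribution.
    if action in SENSITIVE or decision != "allow":
        audit_log.append({"at": now.isoformat(), "grant": grant.grant_id,
                          "principal": grant.principal, "action": action,
                          "decision": decision, "reason": reason})
    return decision, reason


def run_scenario():
    """Constructed walk-through; returns the decisions, near-limit meters, and audit log."""
    now = datetime(2025, 1, 1, tzinfo=timezone.utc)
    usage = PlanUsage({"reads": [990, 1000], "previews": [0, 50], "replays": [4, 5]})
    log = []
    rec = Grant("g-1", "agent:recovery-bot", "recovery_operator", now + timedelta(hours=2))
    obs = Grant("g-2", "agent:reader", "observer", now + timedelta(hours=2))
    decisions = [
        authorize(rec, "replay_execute", usage, now, log)[0],   # allow: last replay in the period
        authorize(rec, "replay_execute", usage, now, log)[0],   # refuse: meter now at its limit
        authorize(obs, "replay_execute", usage, now, log)[0],   # deny: observers cannot replay
        authorize(rec, "billing_approve", usage, now, log)[0],  # deny: never delegated
        authorize(rec, "read_docs", usage, now + timedelta(days=1), log)[0],  # deny: expired
    ]
    return decisions, usage.near_limit(), log


if __name__ == "__main__":
    for item in run_scenario():
        print(item)
```

The order of checks is the point: expiry and revocation are evaluated before the tier, the tier before the meter, and a meter refusal is reported distinctly so an agent can back off rather than request more authority. `lowest_tier_for` is the helper an operator would use when applying rule 2 to a job's action list.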
FlowRelay