Features Description & Permissions
Description of the features and permissions needed by the App
TOTUS uses and stores the minimal amount of data needed to provide services. The functionality differs depending on what is enabled in the app. Our goal is always to limit the data we need for real-time processing and only store the essential data for the fulfillment, fraud, settlement, and reporting.
App Installation
When the app is installed, we store information about the store and ask for different permissions on the API.
| Feature | Description | Shopify APIs/Scopes | Usage and Storage |
|---|---|---|---|
| App Installation | Ability to install and uninstall the App | Shop Webhooks, read/write Fulfillments | Shop Details, including name, physical address, and URLs for the store. Webhooks that are mandatory for Shopify. The Shop's API key is encrypted and stored. Key rotation is yearly. The Fulfillments set up TOTUS as a fulfillment provider that can be associated with products. |
| App uninstall | Ability to uninstall the app | Webhook | The app is marked as uninstalled and encrypted key is removed (Shopify also limits further access) |
| Permission Scopes | "read_orders", "read_customers", "write_gift_cards", "read_gift_cards", "read_gift_card_adjustments", "write_gift_card_adjustments", "read_assigned_fulfillment_orders", "write_assigned_fulfillment_orders", "read_products", "write_products", "write_fulfillments", "read_fulfillments" | These are the scopes that are requested when the app is installed. |
1st Party Features
The 1st Party features need access to the Gift Cards, Orders, Order Fulfillment, and Order Transactions data within Shopify.
| Feature | Description | Shopify APIs/Scopes | Usage and Storage |
|---|---|---|---|
| Customer Service | Provide customer service capabilities to our backend to service the cardholders and cards. This includes looking up Gift cards using the id and codes and viewing customer details and orders for both fulfillment and redemptions. | Gift Cards, Orders, Order Transaction ,Customers | Gift Card details are stored. Customer data is viewed but not stored. Order data is viewed but not stored. |
| Compliance/Legal | Provide the ability to remove or add funds from the card. Disable the card if full funds are removed and report usage of the cards. | Gift Cards , Orders , Order Transaction | Gift Card details are stored. Order Ids, dates, and Order Transaction Ids and dates are stored. |
| Settlement | Ability to track activations, fulfillment, redemptions, voids, and refunds for the TOTUS-issued Gift Cards. | Gift Cards, Orders, Order Transaction, Customers, | Gift Card details are stored. Order Ids, Order Transaction Ids and dates. Store details related to the order, including the type of transaction and location. |
Digital
| Feature | Description | Shopify APIs/Scopes | Usage and Storage |
|---|---|---|---|
| Activation/Fulfillment | Ability to fulfill digital cards either through the built-in Shopify functionality or through custom features. | Gift Cards. Order Fulfillment. Orders. Order Transaction Customers | Gift Card details are stored. Order ids, order fulfillment ids and dates are stored. Limited customer data, including name, email, and phone number |
Physical
| Feature | Description | Shopify APIs/Scopes | Usage and Storage |
|---|---|---|---|
| Activation/Fulfillment | Ability to fulfill physical cards either through the built-in Shopify functionality or through custom features. | Gift Cards. Order Fulfillment. Orders. Order Transaction Customers | Gift Card details are stored. Order ids, order fulfillment ids and dates are stored. Limited customer data, including name, email and phone number, and shipping address. |
3rd Party Features
The 1st Party features need access to the Gift Cards, Orders, and Order Transactions data within Shopify.
| Feature | Description | Shopify APIs/Scopes | Usage and Storage |
|---|---|---|---|
| Customer Service | Provide customer service capabilities to our backend to service the cardholders and cards. This includes looking up Gift cards using the id and codes and viewing customer details and orders for both fulfillment and redemptions. | Gift Cards, Orders, Order Transaction, Customers | Gift Card details are stored. Customer data is viewed but not stored. Order data is viewed but not stored. |
| Compliance/Legal | Provide the ability to remove or add funds from the card. Disable the card if full funds are removed and report usage of the cards. | Gift Cards, Orders, Order Transaction | Gift Card details are stored. Order Ids, dates, and Order Transaction Ids and dates are stored. |
| Activation | Inserts new Gift Cards into the store based on activations in 3rd party B2B or Retail | Gift Cards | Gift Card details are stored along with additional information associated with the channel the card was activated. |
| Settlement | Ability to track activations, fulfillment, redemptions, voids, and refunds for the TOTUS-issued Gift Cards. | Gift Cards, Orders, Order Transaction, Customers, | Gift Card details are stored. Order Ids, Order Transaction Ids and dates. Store details related to the order, including the type of transaction and location. |
Shopify Reporting
Shopify standard reporting will work with TOTUS cards. There are several ways to identify TOTUS managed cards in Shopify.
| Reporting Identifier | Description |
|---|---|
| API_CLIENT_ID | The TOTUS API key is present on the gift card resource when you retrieve from Shopify. API_CLIENT_ID / APP_ID is 2748383233 |
| Notes | The TOTUS Issued cards will contain "Issued by Totus" in the Notes Field. Be aware, notes can be changed or deleted. |
Updated over 2 years ago