Policies

Policies require pages scopes. Reads use read_pages; writes use write_pages. Policies are a fixed set of five per store — privacy, terms, refund, shipping, and cookie — addressed by type, not by a generated id. The Store API exposes read, list, and update for the five policies plus translation reads and writes; there is no create or delete endpoint. Updates enforce the published limits and validation rules, can create a redirect when the slug changes, and cannot clear a source field while that field has translations. When the consent banner is active, its privacy and cookie policies cannot be unpublished. Translation writes additionally require write_translations. AI translation is not exposed through the Store API.

Endpoints#

Policy limits

GET read_pages

Fetch Policy limits and per-field constraints.

Returns the per-field maximum lengths, enum values, and the fixed policy-type set that apply to Policy endpoints.

Headers

Name Type Description
Authorization required string

Bearer Store API token.

List policies

GET read_pages

List all policies for the store.

Returns the store's fixed set of Policies — one row per policy type. There is no pagination: Policies are a fixed singleton set.

Headers

Name Type Description
Authorization required string

Bearer Store API token.

Get a policy

GET read_pages

Fetch one policy by type.

Returns the Policy for the given type (privacy, terms, refund, shipping, or cookie).

Path parameters

Name Type Description
type required string

Policy type: privacy, terms, refund, shipping, or cookie.

Example: privacy

Headers

Name Type Description
Authorization required string

Bearer Store API token.

Errors

  • 400 POLICY_TYPE_INVALID

    Type is not one of the fixed policy types.

  • 404 NOT_FOUND

    The policy row does not exist in this store.

Update a policy

PUT write_pages

Update one policy by type.

Updates provided fields on the existing fixed Policy row. Omitted fields are left unchanged. An empty slug resets to the default slug for the policy type. When slug changes, create_redirect controls whether the old policy URL redirects to the new one and defaults to true.

Path parameters

Name Type Description
type required string

Policy type: privacy, terms, refund, shipping, or cookie.

Example: privacy

Headers

Name Type Description
Authorization required string

Bearer Store API token.

Body parameters

Name Type Description
title string

Policy title. When supplied, it must be non-empty after normalization.

Example: Privacy policy
slug string

Optional slug. Omit to leave unchanged; send an empty string to reset to the default slug for the policy type.

Example: privacy-policy
content string

Optional sanitized HTML content.

Example: <p>How we handle your data.</p>
seo_title string

Optional SEO title.

Example: Privacy policy
seo_description string

Optional SEO description.

Example: How we handle your data.
status string

Policy status: draft or published.

Example: published
create_redirect boolean

When slug changes, create a redirect from the old policy URL to the new one. Defaults to true.

Example: true

Errors

  • 400 POLICY_TYPE_INVALID

    Type is not one of the fixed policy types.

  • 400 POLICY_TITLE_REQUIRED

    Title is empty after normalization.

  • 400 POLICY_TITLE_TOO_LONG

    Title exceeds the Policy contract max length.

  • 400 POLICY_SLUG_INVALID_FORMAT

    Slug is not valid for Policy URLs.

  • 400 POLICY_SLUG_TOO_LONG

    Slug exceeds the Policy contract max length.

  • 400 POLICY_CONTENT_TOO_LONG

    Content exceeds the Policy contract max length.

  • 400 POLICY_SEO_TITLE_TOO_LONG

    SEO title exceeds the Policy contract max length.

  • 400 POLICY_SEO_DESCRIPTION_TOO_LONG

    SEO description exceeds the Policy contract max length.

  • 400 POLICY_STATUS_INVALID

    Status is not one of the allowed values.

  • 400 TRANSLATION_SOURCE_FIELD_HAS_TRANSLATIONS

    A source field cannot be cleared while it has translations in any locale.

  • 409 POLICY_SLUG_DUPLICATE

    Slug already exists in this store's policies.

  • 409 POLICY_LOCKED_BY_CONSENT_BANNER

    The active consent banner requires the privacy or cookie policy to remain published.

Fields#

Field

Kind

Create

Update

Required

Translatable

type

text

No

No

No

title

text

No

Yes

Yes

slug

slug

No

Yes

Yes

content

rich_text

No

Yes

Yes

seo_title

text

No

Yes

Yes

seo_description

textarea

No

Yes

Yes

status

select

No

Yes

No

create_redirect

boolean

No

Yes

No

created_at

datetime

No

No

No

updated_at

datetime

No

No

No

storefront_url

url

No

No

No

No

Webhook events#

Policy webhook events are declared by the Policy resource contract. The event cards below include the topic, subscription scope, store permission, payload schema, and sample payload.

Policy updated

EVENT policies/update write_pages pages:write

Fired when a store policy is updated.

Payload fields

Field Type Description
policy.id string Always present
policy.type string Can be removed/added via the Payload builder
policy.title string Can be removed/added via the Payload builder
policy.slug string Can be removed/added via the Payload builder
policy.content string Can be removed/added via the Payload builder
policy.status string Can be removed/added via the Payload builder
policy.seo_title string Can be removed/added via the Payload builder
policy.seo_description string Can be removed/added via the Payload builder
policy.created_at string Can be removed/added via the Payload builder
policy.updated_at string Can be removed/added via the Payload builder