Policies require pages scopes. Reads use read_pages; writes use write_pages. Policies are a fixed set of five per store — privacy, terms, refund, shipping, and cookie — addressed by type, not by a generated id. The Store API exposes read, list, and update for the five policies plus translation reads and writes; there is no create or delete endpoint. Updates enforce the published limits and validation rules, can create a redirect when the slug changes, and cannot clear a source field while that field has translations. When the consent banner is active, its privacy and cookie policies cannot be unpublished. Translation writes additionally require write_translations. AI translation is not exposed through the Store API.
Endpoints#
Policy limits
Fetch Policy limits and per-field constraints.
Returns the per-field maximum lengths, enum values, and the fixed policy-type set that apply to Policy endpoints.
Headers
| Name | Type | Description |
|---|---|---|
Authorization
required
|
string |
Bearer Store API token. |
List policies
List all policies for the store.
Returns the store's fixed set of Policies — one row per policy type. There is no pagination: Policies are a fixed singleton set.
Headers
| Name | Type | Description |
|---|---|---|
Authorization
required
|
string |
Bearer Store API token. |
Get a policy
Fetch one policy by type.
Returns the Policy for the given type (privacy, terms, refund, shipping, or cookie).
Path parameters
| Name | Type | Description |
|---|---|---|
type
required
|
string |
Policy type: privacy, terms, refund, shipping, or cookie. |
Headers
| Name | Type | Description |
|---|---|---|
Authorization
required
|
string |
Bearer Store API token. |
Errors
-
400POLICY_TYPE_INVALIDType is not one of the fixed policy types.
-
404NOT_FOUNDThe policy row does not exist in this store.
Update a policy
Update one policy by type.
Updates provided fields on the existing fixed Policy row. Omitted fields are left unchanged. An empty slug resets to the default slug for the policy type. When slug changes, create_redirect controls whether the old policy URL redirects to the new one and defaults to true.
Path parameters
| Name | Type | Description |
|---|---|---|
type
required
|
string |
Policy type: privacy, terms, refund, shipping, or cookie. |
Headers
| Name | Type | Description |
|---|---|---|
Authorization
required
|
string |
Bearer Store API token. |
Body parameters
| Name | Type | Description |
|---|---|---|
title
|
string |
Policy title. When supplied, it must be non-empty after normalization. |
slug
|
string |
Optional slug. Omit to leave unchanged; send an empty string to reset to the default slug for the policy type. |
content
|
string |
Optional sanitized HTML content. |
seo_title
|
string |
Optional SEO title. |
seo_description
|
string |
Optional SEO description. |
status
|
string |
Policy status: draft or published. |
create_redirect
|
boolean |
When slug changes, create a redirect from the old policy URL to the new one. Defaults to true. |
Errors
-
400POLICY_TYPE_INVALIDType is not one of the fixed policy types.
-
400POLICY_TITLE_REQUIREDTitle is empty after normalization.
-
400POLICY_TITLE_TOO_LONGTitle exceeds the Policy contract max length.
-
400POLICY_SLUG_INVALID_FORMATSlug is not valid for Policy URLs.
-
400POLICY_SLUG_TOO_LONGSlug exceeds the Policy contract max length.
-
400POLICY_CONTENT_TOO_LONGContent exceeds the Policy contract max length.
-
400POLICY_SEO_TITLE_TOO_LONGSEO title exceeds the Policy contract max length.
-
400POLICY_SEO_DESCRIPTION_TOO_LONGSEO description exceeds the Policy contract max length.
-
400POLICY_STATUS_INVALIDStatus is not one of the allowed values.
-
400TRANSLATION_SOURCE_FIELD_HAS_TRANSLATIONSA source field cannot be cleared while it has translations in any locale.
-
409POLICY_SLUG_DUPLICATESlug already exists in this store's policies.
-
409POLICY_LOCKED_BY_CONSENT_BANNERThe active consent banner requires the privacy or cookie policy to remain published.
Fields#
Field |
Kind |
Create |
Update |
Required |
Translatable |
|---|---|---|---|---|---|
|
text |
No |
No |
No |
|
|
text |
No |
Yes |
Yes |
|
|
slug |
No |
Yes |
Yes |
|
|
rich_text |
No |
Yes |
Yes |
|
|
text |
No |
Yes |
Yes |
|
|
textarea |
No |
Yes |
Yes |
|
|
select |
No |
Yes |
No |
|
|
boolean |
No |
Yes |
No |
|
|
datetime |
No |
No |
No |
|
|
datetime |
No |
No |
No |
|
|
url |
No |
No |
No |
No |
Webhook events#
Policy webhook events are declared by the Policy resource contract. The event cards below include the topic, subscription scope, store permission, payload schema, and sample payload.
Policy updated
Fired when a store policy is updated.
Payload fields
| Field | Type | Description |
|---|---|---|
policy.id |
string |
Always present |
policy.type |
string |
Can be removed/added via the Payload builder |
policy.title |
string |
Can be removed/added via the Payload builder |
policy.slug |
string |
Can be removed/added via the Payload builder |
policy.content |
string |
Can be removed/added via the Payload builder |
policy.status |
string |
Can be removed/added via the Payload builder |
policy.seo_title |
string |
Can be removed/added via the Payload builder |
policy.seo_description |
string |
Can be removed/added via the Payload builder |
policy.created_at |
string |
Can be removed/added via the Payload builder |
policy.updated_at |
string |
Can be removed/added via the Payload builder |