403 Forbidden This action requires merchant approval for read_orders scope on Order API call

4 1 0

I'm making a simple Order API call on a specific order item that I know was made within the last 60 days and I still get a 403 error. I don't think I need to make a special request to have access to "read all orders" either because I'm making a specific request on a single order. This is a Rails app run on Heroku that was set up using the shopify_app Quickstart guide. The line of code in the home_controller.rb looks like this:


 @Orders = [1003].collect {|order_id| ShopifyAPI::Order.find(order_id)}


I've configured the auth to make sure I have read order access:


config.scope = "read_products, read_orders"


This has been already brought up in several posts, but none have a clear solution even though they are resolved.

This one suggests the Ruby version could be the problem but I'm already on a newer Ruby version 2.6.3 and I still have this issue.

In this one, the OP resolves it as it was a Shopify plan issue. I don't understand why the Shopify plan has to do with being able to read order information, at least on a custom app for a development store. Where in the documentation does it mention this? If it is the case, what "plan" do I need to be on?

This seems to be a very basic case and I don't think I'm asking for much. Any help is appreciated.

Shopify Partner
1016 83 226

To totally eliminate anything potentially out of whack on the Rail Heroku end, have you tried just making the API request directly using cURL, Postman, etc.? If that fails as well then you need to ensure that your have authorized the custom app through the app install routine. Described here --> https://shopify.dev/tutorials/authenticate-a-custom-app-with-oauth. You can always check what scope your API token as access to by looking here --> https://shopify.dev/docs/admin-api/rest/reference/access/accessscope

Hope this helps a little at least!

4 1 0

This is an accepted solution.

Finally got the Order API call to succeed!

Your suggestion helped me just run through the whole process again and I realized the mistake I made was that I didn't have `read_orders` scope set in the `shopify_app.rb` configuration file when I deployed it and installed my app. I had modified the access scope in the configuration *afterwards*, not knowing that the scope was already locked in and I had to re-install it to change it.

Clumsy mistake on my part. Thanks for the help!