Cannot POST to /admin/checkouts.json with public sales channel app, write checkouts enabled

Highlighted
New Member
2 0 0

Hi, we have custom javascript application which is trying to utilize the Shopify APIs to retrieve products and create custom orders/checkouts.
Our Shopify public application is enabled as a sales channel, and I've enabled write access to the checkouts endpoint. It is also converted to a private application, which we utilize for other endpoints (ie. the admin api).
When trying to POST to the /admin/checkouts.json, it keeps coming back with the error:
{ errors: '[API] This action requires merchant approval for write_checkouts scope.' }

I wasn't sure if I was using the correct API keys, so I tried between the public api API Key+Secret, as well as the private app's API Key+Password. The former says invalid API Key, and the latter gives the above error.

You can see from the attached screenshots that the public app is enabled as a sales channel, and has write permissions for checkouts.

Does the public application have to be verified or approved by Shopify before we can utilize this endpoint? In that case, will be still be able to test it while in development mode? Or otherwise, are we doing something wrong here?

0 Likes
Shopify Staff
Shopify Staff
1555 79 240

Hey there,

 

Would you mind sharing X-Request-Ids from one or more of your response headers? That will help me to more accurately zero in on these instances in our logs and hopefully let you know what's going on based on that.

 

Cheers.

0 Likes
New Member
2 0 0
Thanks for the response. Here’s the response from Shopify. The X-Request-Id is at the bottom.

'Server',
'nginx',
'Date',
'Thu, 17 Jan 2019 21:03:24 GMT',
'Content-Type',
'application/json; charset=utf-8',
'Transfer-Encoding',
'chunked',
'Connection',
'close',
'X-Sorting-Hat-PodId',
'80',
'X-Sorting-Hat-PodId-Cached',
'1',
'X-Sorting-Hat-ShopId',
'2085617745',
'X-Sorting-Hat-PrivacyLevel',
'default',
'X-Sorting-Hat-FeatureSet',
'default',
'X-Sorting-Hat-Section',
'pod',
'X-Sorting-Hat-ShopId-Cached',
'1',
'Referrer-Policy',
'origin-when-cross-origin',
'X-Frame-Options',
'DENY',
'X-ShopId',
'2085617745',
'X-ShardId',
'80',
'WWW-Authenticate',
'Basic Realm="Shopify API Authentication"',
'Strict-Transport-Security',
'max-age=7889238',
'X-Request-Id',
'd6158cd3-530c-48a6-ad14-eec17fe00717',
'X-Shopify-Stage',
'production’,

and the endpoint that went to is exactly:

POST
https://{{shopify_public_app_api_key}}:{{shopify_public_app_api_secret_key}}@kkandjay.myshopify.com/admin/checkouts.json

so:

X-Request-Id',
'd6158cd3-530c-48a6-ad14-eec17fe00717',
0 Likes