Default API Token Access Changed?

Solved
Highlighted
Shopify Partner
1 0 3

We have been using the default (public) API Access Token on different sites to pull the latest product changes. At 4:55pm EST, these requests began getting denied. Have permissions on these default API Tokens changed? Just looking at https://status.shopify.com/, you can clearly see that "API Response Time" dropped to 70ms. I am assuming that this change took place at this time. Any help or info would be much appreciated! Thank you.

3 Likes
Community Manager
Community Manager
95 5 75

I've removed a post from this thread where a user was impersonating a Shopify staff member. For awareness Shopify employees have a rank of Shopify Staff and the Shopify logo appears on top of their avatar. Since I help manage this community I am shown as a Community Manager. Thanks! 

TyW | Community Manager @ Shopify
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Click Accept as Solution 

2 Likes
Shopify Staff
Shopify Staff
1054 17 146

Hey @guap,

 

What specifically do you mean by the default access token? Also if you wouldn't mind providing an example x-request-id response header to your failing requests I can take a look into what might be happening for you. Nothing's changed on our end to my knowledge, but we'll get this figured out in any case.

 

Cheers.

0 Likes
Tourist
25 0 3

I am having the same problem. It was working fine up until around 4:30-5:00 pm yesterday. I get access denied.


1 Like
Shopify Staff
Shopify Staff
1054 17 146

Hey everyone,

 

I can confirm that we shipped some validation to prevent the scraping of products/collections using the online store's storefront access token as this does not fall under supported use of our APIs.

 

Edit - I have added clarification in a later post

 

@Alex wrote:

Hey everyone, to clarify:

 

We have not disabled the storefront API itself. We have disabled the use of a specific access token which is intended to be used internally. Using the storefront access token leveraged by the storefront itself (not generated by one of yours apps) is what is considered non-supported use of the Shopify storefront API.

 

If any of you are having trouble using storefront access tokens you yourselves have generated in either a private app, or an app created in your partner dashboard, please feel free to let me know. Additionally, if there's any usage of this strategy in our documentation, also please let me know, since we certainly wouldn't intend this.

 

Using my own storefront access tokens is working without issue on my end, so I'd be curious to see if this is affecting any access tokens belonging to your apps. If that is the case, feel free to pass along information I can use to replicate on my end.



 

Cheers.

0 Likes
Tourist
25 0 3

I can't even do it to my brothers store. How do I get around this problem? I really do not want to change the permission scopes of his store nor I can't for he is in Europe.


@Alex wrote:

Hey everyone,

 

I can confirm that we shipped some validation to prevent the scraping of products/collections using the online store's storefront access token as this does not fall under supported use of our APIs.

 

Cheers.


 

0 Likes
Tourist
25 0 3

And frankly this should've been in the change-log. Thats not fair to the people that actually use the API for different reasons

1 Like
Tourist
5 0 1

I appreciate the update Alex. With this change, it seems like the main example use case for the graphQL endpoint no longer works. Will this be updated with an alternative option for getting product information?

https://help.shopify.com/en/api/custom-storefronts/storefront-api/getting-started

 

Thank you for your service and I appreciate any information you can provide even if it's not what we'd like to hear.

0 Likes
New Member
2 0 0

Hi @Alex, the storefront api token results in an access denied and Shopify has full documentation supporting the use of this here: 
https://help.shopify.com/en/api/custom-storefronts/storefront-api/getting-started

Why put it in and have it documented, then when we use this you take it down all of a sudden. How is this fair? 

0 Likes
New Member
2 0 0

Exactly! and they take this down unannounced as well. Very unprofessional. 

0 Likes