Discount lookup API - without javascript?

New Member
15 0 0

Hi All,

 

I'm trying to use the discount lookup API endpoint but it doesn't use the normal X-Shopify-Access-Token. Instead it needs the user to be logged into the store admin.

 

Because of this, if we call this endpoint from our backend processes we can't load the final JSON because the API client isn't logged into the Shopify Admin.

 

https://help.shopify.com/en/api/reference/discounts/discountcode?api[version]=2019-07#lookup-2019-07

 

Is there any other way to use this, or a similar API to lookup a discount code without having to iterate all the price rules and then all the discount codes for a store?

 

Thanks!

0 Likes
Highlighted
Shopify Staff
Shopify Staff
472 35 91

Hi @ant-fx,

 

You must have admin access to the Shopify Store along with the relevant permissions in order to lookup discount codes.  This is because otherwise anyone would be able to find and use discount codes on a shop, which is obviously a security breach.

 

If you have access to the correct permissions you can the endpoint you mentioned to determine if a code exists in the Admin REST API:

/admin/api/{api_version}/discount_codes/lookup.json

Alternatively you can use the GraphQL Admin API to query a code as well, the query would look like this:

{
  codeDiscountNodeByCode(code: "TestCode") {
    id
    codeDiscount {
      __typename
      ... on DiscountCodeBasic {
        title
        summary
        codes (first:10) {
          edges {
            node {
              code
            }
          }
        }
      }
    }
  }
}

Hope that helps.

Developer Experience @ Shopify
0 Likes
New Member
15 0 0

Hi Ryan,

 

Thank you very much for your reply.

 

> You must have admin access to the Shopify Store along with the relevant permissions in order to lookup discount codes. This is because otherwise anyone would be able to find and use discount codes on a shop, which is obviously a security breach.

 

I understand but if the calling client provides an access token with the read_price_rules scope surely that should be enough permission without the client having to be logged into the admin panel?

 

> Alternatively you can use the GraphQL Admin API to query a code as well, the query would look like this:

 

This looks like something I could use but I keep getting an "access denied" error. I have confirmed theGraphQL is working fine with my access token (I can load the shop info and customer info using GraphQL) and the access token has the read_price_rules and write_price_rules scopes.

 

Is there a different permission required for using codeDiscountNodeByCode?

 

Thanks again

 

Mike

 

 

Here are the scopes the access token has:

 

  const requiredScopes = [
    'read_orders',
    'read_all_orders',
    'read_customers',
    'write_customers',
    'read_products',
    'read_script_tags',
    'write_script_tags',
    'read_fulfillments',
    'read_checkouts',
    'read_marketing_events',
    'write_marketing_events',
    'read_reports',
    'write_reports',
    'read_price_rules',
    'write_price_rules',
  ];
 
And here is the response from Shopify to the GraphQL query:

 

{
  "data": {
    "codeDiscountNodeByCode": null
  },
  "errors": [
    {
      "message": "access denied",
      "locations": [
        {
          "line": 3,
          "column": 3
        }
      ],
      "path": [
        "codeDiscountNodeByCode"
      ]
    }
  ],
  "extensions": {
    "cost": {
      "requestedQueryCost": 14,
      "actualQueryCost": 1,
      "throttleStatus": {
        "maximumAvailable": 1000.0,
        "currentlyAvailable": 999,
        "restoreRate": 50.0
      }
    }
  }
}
 
Here is my question, the discount code shown exists in my test shop:
 
curl -X POST \HTML
-H "Content-Type: application/graphql" \
-H "X-Shopify-Access-Token: REMOVED" \
-d '
{
  codeDiscountNodeByCode(code: "ALMOSTFREE") {
    id
    codeDiscount {
      __typename
      ... on DiscountCodeBasic {
        title
        summary
        codes (first:10) {
          edges {
            node {
              code
            }
          }
        }
      }
    }
  }
}
'
0 Likes
Shopify Staff
Shopify Staff
472 35 91

You shouldn't need to be logged into admin to do the search, can you provide a request-ID of that not working?


For the GraphQL endpoints you need read_discounts/write_discounts, they don't fall under price rules

 

Edit: Actually I think I might know the issue, the return for the lookup endpoint is a 303 redirect linking to the discount code in the admin.  You should turn off automatic redirects.

Developer Experience @ Shopify
0 Likes
New Member
15 0 0

>  For the GraphQL endpoints you need read_discounts/write_discounts, they don't fall under price rules

 

Great thanks! Somehow I missed that in the docs! I can get a valid response now so this looks like something I can use. I'd rather use the normal admin API if possible though.

 

> Actually I think I might know the issue, the return for the lookup endpoint is a 303 redirect linking to the discount code in the admin. You should turn off automatic redirects.

 

Here is the URL format I'm using (providing the access token that has the required discount code scopes)

 

https://somestore.myshopify.com/admin/api/2019-07/discount_codes/lookup.json?code=SOMEDISCOUNT

 

This is the response from the admin api, this is using CURL so redirects are not being followed:

 

<html><body>You are being <a href="https://somestore.myshopify.com/admin/price_rules/999664415787/discount_codes/9994290980907">redirected</a>.</body></html>

 

I would expect a normal JSON response like the rest of the admin api provides?

 

> Can you provide a request-ID of that not working?

 

I'm not sure where I would get that, the only response I get form the api is as shown above

0 Likes