Question about how to grant read_inventory access for a private app

New Member
2 0 0

Dear Community,

we are having trouble to enable read_inventory on our private apps. Even when being logged in as store owner we cannot activate read_inventory for our private app.

Where can the store owner grant access to read_inventory for a private app?

They way via "Manage your private apps".

Many thanks,
Best,
Stefan

0 Likes
Shopify Partner
871 76 189
New Member
2 0 0

Thank you very much. Yes that is the description we followed:

strwrft_0-1606845269303.png

strwrft_1-1606845279813.png


As you can see there is no button / mechanism to change the permissions either being logged in as Administrator or Store Owner.

 

0 Likes
Shopify Partner
871 76 189

You are logged into the shop as an admin, but the scope permissions to the Admin API are requested/granted by the private app itself. That's where you need to use an OAuth request with the necessary scopes listed. See Step #2 here --> https://shopify.dev/tutorials/authenticate-with-oauth. You see, the logged-in Shopify user is one thing. But that's just the user that grants permission to the private app to interface with the Shopify shop. The private app has to request the proper access scopes as part of the OAuth step.

 

From the docs....

 

To show the prompt, redirect the user to the following URL with the query parameters defined below:

Copy
https://{shop}.myshopify.com/admin/oauth/authorize?client_id={api_key}&scope={scopes}&redirect_uri={redirect_uri}&state={nonce}&grant_options[]={access_mode}
  • {shop}: The name of the user’s shop.
  • {api_key}: The app’s API Key.
  • {scopes}: A comma-separated list of scopes. For example, to write orders and read customers, use scope=write_orders,read_customers. Any permission to write a resource includes the permission to read it.
  • {redirect_uri}: The URL to which a user is redirected after authorizing the client. The complete URL specified here must be added to your app as an allowed redirection URL, as defined in the Partner Dashboard.

    Note

    In older apps, this parameter was optional and redirected to the application callback URL, defined in the Partner Dashboard, when no other value was specified.

  • {nonce}: A randomly selected value provided by your app that is unique for each authorization request. During the OAuth callback, your app must check that this value matches the one you provided during authorization. This mechanism is important for the security of your app.

  • {access_mode}: Sets access mode. Defaults to offline access mode if left blank or omitted. Set to per-user for online access mode.

 

0 Likes