Storefront API returns 403 even with "X-Shopify-Storefront-Access-Token"

kkBloomreach
New Member
3 0 0

This seems to be similar to "https://community.shopify.com/c/Shopify-APIs-SDKs/Accessing-Storefront-API-with-curl-and-GraphiQL-wo...

As explained in that related post, we have taken care of permissions as well. Still status is 403. Following is the fetch call:

let END_POINT_RAW="https://<shopname>.myshopify.com/api/2021-01/graphql.json"

function fetchBody_SHOP () {
 return {
      'method': 'POST',
      'crossDomain': true,
      'async': true,
      'mode': 'no-cors',
      'headers': {
             'Content-Type': 'application/graphql',
             'X-Shopify-Storefront-Access-Token': '<storefront_access_token>',
       },
       'body': 'query { shop { name } }'
  };
}

function respCallback (res) {
      if (!res.ok) {
           console.log ("resp not ok");
      } else {
           console.log ("resp ok");
      }
}

const result = fetch (END_POINT_RAW, fetchBody_SHOP ())
                                .then (res => respCallback (res))
                                .catch (err => errCallback (err));

Error msg (displayed in chrome-debugger-console):

https://<shopname>.myshopify.com/api/2021-01/graphql.json - 403

resp not ok

The 'res' object type is "opaque". So, don't know what further needs to be changed/adjusted/

Interesting to note, if we use the https url with API_KEY and API_PASSWORD, we do receive expected data.

"https://%s:%s@%s.myshopify.com/admin/api/%s/graphql.json" % (API_KEY, API_PASSWORD, SHOP_NAME, API_VERSION)

However using the "X-Shopify-Storefront-Access-Token" in fetch method, we get 403.

 

0 Likes
CalD
Shopify Staff
Shopify Staff
97 10 13

Hey @kkBloomreach,

Can you send over a request-id for an example request that returned this in the last 10 days?

CalD | Developer Support @ Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit Shopify.dev or the Shopify Web Design and Development Blog

0 Likes
kkBloomreach
New Member
3 0 0

How / where can I find the 'request-id' ? I just re-ran the code and it still returns 403

 

0 Likes
CalD
Shopify Staff
Shopify Staff
97 10 13

Hi @kkBloomreach,

The 'x-request-id' is a response header returned from the API. You're using an opaque response, so you likely won't be able to log this from your app, but can you try to make requests to the storefront API and that storefront access token with an API client of your choice like Postman or Insomnia?

CalD | Developer Support @ Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit Shopify.dev or the Shopify Web Design and Development Blog

0 Likes