Unable to grant the read_checkout scope permission [REST Admin API]

3 0 0

Hello, I requested that a store admin grant my API key the "read_checkout" permission but they cannot find this any where and granting the private app "All Permissions" also did not allow me to access this resource.


"errors": "[API] This action requires merchant approval for read_checkouts scope."


endpoint: https://{{api_key}}:{{api_password}}@{{store_name}}.myshopify.com/admin/api/2019-04/checkouts/{{checkout ID from the URL}}.json

The api key password and store name variables work fine for other resources like orders and customers.


We want to be able to retrieve a checkout with a GET request to confirm that "note_attributes" are being added to checkout without manually triggering an order to confirm we have the data we want attached to the new order.

Open to other ways of testing this if anyone has a suggestion. Else, where do we grant this permission? I read some place that the read permission comes with write permission, but we don't want to create or modify checkouts, which I believe is the purveyance of a Buy SDK app only, we just want to retrieve a checkout via its ID and read its "note_attributes". Any guidance much appreciated!


Thanks in advance



Shopify Partner
1149 131 192

I think the token should be originating from a Sales Channel app - https://help.shopify.com/en/api/guides/sales-channel-sdk and cannot be granted through the UI. Also, I believe sales channels are only available to non-private apps.

Sergiu Svinarciuc | CTO @ visely.io
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution!
- To learn more about the awesome stuff we do head over to visely.io or our blog
Shopify Staff
Shopify Staff
618 45 84

Hi @d0tmatrix,


@Visely-Team is correct in that read and write checkouts scope is only available with a public sales channel app. You would need to create an app from the partner dashboard, specify that it's a sales channel in the setup section, and go through the oAuth process, ensuring you specify the checkout scopes there.


That said, it may make more sense to use the AJAX API on the front end to confirm that a note or note attributes are present before continuing to checkout.

1 Like