"API Access has been disabled": what does it mean?

Highlighted
Shopify Partner
660 0 119

A staff store recently installed our app and after a few days the REST api is returning an error "API Access has been disabled".

Given it's a staff account, I'm not too concerned, but I'm still curious what this means?

How does it get into that state and can it happen to a real store?

Thanks

Clement

0 Likes
Highlighted
Shopify Staff
Shopify Staff
1555 81 282

Hey Clement.

I can see the case you're talking about. Your API permission will have gotten into this state as a result of the staff member disabling it themselves on their shop with our internal tooling. I can't speak for what they're up to personally but you should have nothing to worry about.

Cheers!

0 Likes
Highlighted
Shopify Partner
660 0 119

Thanks Alex.

One piece of feedback: it would be much cleaner if this tool issued an app/uninstalled webhook rather than invalidating the access token without any notice.

0 Likes
Highlighted
Shopify Staff
Shopify Staff
1555 81 282

To add more detail: it’s actially a state the api permission is in, rather than it being revoked. Regaining access through that permission on our end is a matter of flipping a value from false to true on that object, so it doesn’t fully align with app/uninstalled.

I see what you’re getting at with the feedback though and a way to know when this happens regardless makes sense, so noted!

0 Likes
Highlighted
Shopify Partner
660 0 119

Hmm that's not cool, we're still receiving webhook requests for this store!

How are we supposed to remove these now?

This doesn't seem like the internal tooling is cleaning things up properly.

0 Likes
Highlighted
Shopify Staff
Shopify Staff
1555 81 282

Hey Clement.

I don't think it'd make too much sense to clean up resources created by your app if that's what you mean, since I assume you'd still want them to be there when the api access is reinstated. It does make sense however to perhaps not bother you with webhooks if your access is currently disabled.

At any rate doing this is usually meant to be on a pretty temporary basis and saw no reason not to switch it back on for you, so you should have access again.

Cheers!

0 Likes
Highlighted
Shopify Partner
660 0 119

Hi Alex,

For some reason I didn't receive an email for your previous message and I had missed it when I last posted.

I was under the impression this was effetively the same as an uninstall, so I had mark this store as uninstalled in our app.

Regarding webhoooks. When our app receives a webhook, sometimes we call back into the REST api to load additional details. But in this instance, even though we are receiving webhooks, we cannot call back into the REST api because the access token is "disabled".

So these webhook requests are basically stuck in our queue and we must manually clear them.

I hope this clarifies why this is painful. I'd much rather not receive any webhooks if I cannot process them succesfully.

Thanks again.

0 Likes
Highlighted
Shopify Partner
660 0 119

Oh and the other thing is that I have no way of removing those webhooks myself.

0 Likes
Highlighted
Shopify Partner
660 0 119

seriously though, how can we get those webhooks deleted?

0 Likes
Highlighted
Shopify Staff
Shopify Staff
1555 81 282

Hey Clement.

Sorry, I could have been clearer. Or maybe I misunderstood. Do you presently still not have the ability to remove the webhooks on the staff shop in question since I switched API access back on, or do you mean in general during these situations?

If the latter, you wouldn't really be able to until access was re-enabled by someone over here. With that being said, it isn't exactly proper form to leave access disabled for any app without a disclosed reason.

Cheers.

0 Likes