Hi everyone!
I am developing an application, which is currently in draft mode, and I came across a problem that I am having trouble with.
So, the situation is the following: I have authorized my application on a test store with the following scopes requested (read_orders, read_checkouts, read_products, read_all_orders). For `read_all_orders` I had to request additional permission and went through a review process, which was then approved, and in general I had obtained an access token for all of the scopes mentioned.
Now, I need to obtain a reference for all the orders that were made in a given store, and for that purpose I've decided to subscribe to a certain topic, `bulk_operations/finish`, which, as stated, once finished successfully (or partially) would provide me with a download URL as part of the webhook payload.
In order to start the process, I initiated a GraphQL query with a very basic mutation, which I tested in the GraphQL App console and it successfully returned the payload with 2 test orders I made beforehand.
The query looks as follows:
```graphql
{
  orders(first: 20) {
    nodes {
      id,
      customer { id },
      lineItems(first: 5) {
        edges {
          node {
            product { id }
          }
        }
      }
    }
  }
}
```
which led to the following mutation:
```graphql
mutation {
  bulkOperationRunQuery(
    query: """
    {
      orders(first: 2) {
        edges {
          node {
            id
            customer { id }
            lineItems(first: 5) {
              edges {
                node {
                  product { id }
                }
              }
            }
          }
        }
      }
    }
    """
  ) {
    bulkOperation {
      id
      status
    }
    userErrors {
      field
      message
    }
  }
}
```
and judging by the response I've received, the action was submitted successfully:
```json
{
  "data": {
    "bulkOperationRunQuery": {
      "bulkOperation": {
        "id": "gid://shopify/BulkOperation/...",
        "status": "CREATED"
      },
      "userErrors": []
    }
  }
}
```
The problem occurs the moment I am hit with the webhook request, as it's indicating I don't have access for the specified query:
```json
{
  "admin_graphql_api_id": "gid://shopify/BulkOperation/...",
  "completed_at": null,
  "created_at": "...",
  "error_code": "access_denied",
  "status": "failed",
  "type": "query"
}
```
I have other webhooks registered and they all work as expected: the correct response is provided, all of the validation checks are successfully passing, and the authorization flow is also working as expected, so I am wondering what I could be missing. Is it some other scope, or something entirely different when it comes to performing bulk actions?
I don't think it's relevant in this situation, but anyway, I am using PHP as a development language.
If any sort of information is missing, don't hesitate to respond and I will provide it.
A small update on my side.
So, I've managed to find where the problem lies, but I am trying to figure out which scope I am missing.
I've modified the query and removed only the part where I want to pull the ID of the customer who made the order, and I was able to pull the list with all orders and products.
Then, I went through the access scopes list once more, added 2 additional scopes to my app and generated a new access token. The scopes I added are:
- customer_read_orders
- customer_read_customers (this one, I believe, is not needed for this particular export, but I decided to test along with it anyway)
After I generated a new access token with the added scopes, I tried initiating a bulk export once again, but the same error for access_denied is thrown.
So, any tips and suggestions are more than welcome.
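
The following is an added example, not code from the posts above or from Shopify: it authenticates a `bulk_operations/finish` delivery via the `X-Shopify-Hmac-Sha256` header and, on `access_denied`, compares the objects the bulk query selects with the scopes on the token. The object-to-scope table, the secret and the operation id are assumptions constructed for illustration; Python is used so the check runs stand-alone.

```python
import base64, hashlib, hmac, json, re

# ASSUMPTION (not from the posts): the Admin API scope gating each object in
# the bulk query. Confirm every entry against the Admin API reference.
ASSUMED_SCOPE_FOR = {"orders": "read_orders", "customer": "read_customers",
                     "product": "read_products"}

def verify_hmac(raw_body: bytes, header_b64: str, secret: str) -> bool:
    """Check the base64 HMAC-SHA256 of the raw body (X-Shopify-Hmac-Sha256)."""
    digest = hmac.new(secret.encode(), raw_body, hashlib.sha256).digest()
    return hmac.compare_digest(base64.b64encode(digest), header_b64.encode())

def objects_in(query: str) -> set:
    """Names followed by '{' or '(': the fields that select sub-objects."""
    return set(re.findall(r"\b([A-Za-z_]\w*)\s*(?=[({])", query))

def triage(raw_body, header_b64, secret, query, granted):
    """Decide how to handle one bulk_operations/finish delivery."""
    if not verify_hmac(raw_body, header_b64, secret):
        return {"action": "reject"}  # unauthenticated: never parse the body
    payload = json.loads(raw_body)
    op_id = payload.get("admin_graphql_api_id")
    if payload.get("status") == "completed":
        return {"action": "fetch_result", "id": op_id}
    if payload.get("error_code") == "access_denied":
        needed = {ASSUMED_SCOPE_FOR[o] for o in objects_in(query)
                  if o in ASSUMED_SCOPE_FOR}
        return {"action": "review_scopes", "id": op_id,
                "missing": sorted(needed - set(granted))}
    return {"action": "investigate", "id": op_id,
            "error_code": payload.get("error_code")}

# Constructed sample data shaped like the payload and scopes in the posts.
SECRET = "constructed-app-secret"
QUERY = ("{ orders(first: 2) { edges { node { id customer { id } "
         "lineItems(first: 5) { edges { node { product { id } } } } } } } }")
GRANTED = ["read_orders", "read_checkouts", "read_products", "read_all_orders",
           "customer_read_orders", "customer_read_customers"]
BODY = json.dumps({"admin_graphql_api_id": "gid://shopify/BulkOperation/1",
                   "completed_at": None, "error_code": "access_denied",
                   "status": "failed", "type": "query"}).encode()
SIG = base64.b64encode(
    hmac.new(SECRET.encode(), BODY, hashlib.sha256).digest()).decode()

if __name__ == "__main__":
    print(triage(BODY, SIG, SECRET, QUERY, GRANTED))
```

Under the assumed table, the `customer_`-prefixed scopes do not satisfy the `customer` selection, so the result lists `read_customers` as the scope to review.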