Focuses on API authentication, access scopes, and permission management.
Hi there, when we call the shop endpoint of our testing site - "https://xxx.myshopify.com/admin/api/2023-01/shop.json", Shopify returns 403 with message "API Access has been disabled". The request id is: b3c0abc3-b8a6-4a30-8a1e-9a1b17c7c75e
We started getting this error in the last week, it works fine before. Please help!
Hi Jarondai,
It appears that your app might have lost its permissions, or there could be a temporary issue with the API/ or app. Here are a few things you can try to resolve this:
Check API Permissions: Make sure that the app still has the required permissions to access the shop endpoint. Sometimes permissions can be revoked due to changes in settings or policies.
Reinstall the App: Uninstall and reinstall the app. This can help reset the permissions might solve the issue.
Check for API Limitations: Shopify implements API rate limits, which if exceeded, could lead to a temporary restriction of API access.
Try the above and let us know if you're still seeing issues,
Liam | Developer Advocate @ Shopify
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution
- To learn more visit Shopify.dev or the Shopify Web Design and Development Blog
Hello, Liam!
I am having the same problem on our test app during the OAuth process. I've followed your recommendations to fix it:
1. The API Permissions check for already issued token fails: GET `admin/oauth/access_scopes.json` returns 403 with message "API Access has been disabled" (`X-Request-ID: f93069aa-1e29-46e0-af33-8d46de9db4c1`)
2.I've started to debug the OAuth process. During the app reinstallation on a development store it fails to complete the OAuth process. When it gets a fresh permanent offline token, it checks the scopes, they appear as expected. Then, in debug purposes, it makes a GET `admin/oauth/access_scopes.json` request and it responds with the same 403 error. (ex. `X-Request-ID: 058c7fc9-ae8f-4431-8f53-a14fc1ed5bde`)
3. I've checked the rate limit headers, although it's our testing app and nobody uses it except for me. It does not have any rate limit errors, nor the `X-Shopify-Shop-Api-Call-Limit` header. I left this issue for the weekend, hoping that it could be a temporary problem, but it still appears to be an issue.
We've noticed this error a week ago, it used to work fine before. Please let me know if I could provide some extra info.
Hi Darika,
Which API version is your app making calls to? Also, since the issue arises during the OAuth process and reinstallation, there might be an issue in the way the app is installed or the process of obtaining the access token? Ensure that the access token is being stored and used correctly.
Liam | Developer Advocate @ Shopify
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution
- To learn more visit Shopify.dev or the Shopify Web Design and Development Blog
Hello, Liam,
Thank you for your reply.
The OAuth API is not versioned as far as I know, so the request is GET `https://{shop}.myshopify.com/admin/oauth/access_scopes.json` with the X-Shopify-Access-Token header.
As for the Admin REST API we use the 2023-04 version, ex.: `https://{shop}.myshopify.com/admin/api/2023-04/shop.json`, so it's still supported.
I've debugged the OAuth process and reinstallation process very carefully and it used to work, so I honestly can't see why it could produce such an error. I've checked step by step according this documentation https://shopify.dev/docs/apps/auth/oauth/getting-started
The access scope request is made programmatically immediately after it has been issued by Shopify in debug purposes, so it's not likely that it's a storage or usage issue. Could there be any other reason for the permanent offline token to be revoked right after it's been issued?
Did you find a solution for this? We are facing the same issue. Tried uninstalling/reinstalling app. Tried updating/resetting Protected Customer Data Access. Nothing works. I suspect it has something to do with Protected Data as ours says draft, though there is some reference that this should work on a development store without review. We are definitely not at any quota limit either.
Same issue for us. Any resolution?
Were you able to find a solution for this issue?
We are having the same issue and I had the same hypothesis -> Protected Data is draft
Hey @cristiduma and @jarondai ,
Since you're getting an access has been disabled error, that doesn't seem to be a protected customer data, as that would typically return null responses for the fields you don't have access.
I suspect the issue could be using an access token that has been revoked or rotated. If you're certain you are making the request and your app has the necessary scopes, and you're using a current access token and still getting that error, reach out to our support teams with the details of the error, your app and the request so we can look in to that further.
Hope that helps,
- Kyle G.
Developer Support @ Shopify
- Was this reply helpful? Click Like to let us know!
- Was your question answered? Mark it as an Accepted Solution
- To learn more visit Shopify.dev or the Shopify Web Design and Development Blog