Hello Shopify community,
I'm currently working on a headless store using Next.js and the Shopify Storefront API, and I'm encountering some difficulties with the customerCreate mutation. Specifically, I'm trying to allow customers to create accounts and track their orders using GraphQL.
I understand that the customerCreate mutation requires the unauthenticated_write_customers access scope, and I've taken steps to add this scope to my custom app (I have only created a custom app and 'Installed' it, not sure if I need to do more, because it doesn't show up in my 'Apps and sales channels', but only in the 'develop apps' tab). However, I'm still facing issues with this setup.
Here's what I've done so far:
I created a custom app named "Custom GraphQL app" and added the unauthenticated_write_customers access scope, along with some other scopes related to checkout.
I've tried testing the customerCreate mutation in the normal GraphiQL interface, but I keep receiving the error message: "Access denied for customerCreate field. Required access: unauthenticated_write_customers access scope."
When I attempt to use this mutation in my headless store, I receive a 401 error.
I'm not entirely sure if I'm going about this the right way, and I would greatly appreciate any guidance on how to properly configure my app and use the customerCreate mutation to allow customers to create accounts.
Has anyone encountered a similar issue or can provide insights into how to successfully set up this functionality? Any help or advice would be highly appreciated.
Thank you in advance!
Best regards, Alexander
This is an accepted solution.
Okay, managed to solve it: deleted the custom apps, added a new custom app with JUST the customer / checkout permissions (so just the bare minimum), used this app's access token and it ended up working. It just doesn't work in the GraphiQL interface for some reason, but that's fine I guess :).
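The two symptoms in this thread surface at different layers: the 401 is an HTTP status, while "Access denied for customerCreate field" is an error inside the GraphQL response. The sketch below is an added example, not code from the thread or from Shopify: it builds the Storefront API request for `customerCreate` and sorts a response into those layers. The function names, the shop domain and API version placeholders, and the check on an `ACCESS_DENIED` error code are assumptions.

```javascript
// Added example: function names and placeholder values are hypothetical.
const CUSTOMER_CREATE = `
  mutation customerCreate($input: CustomerCreateInput!) {
    customerCreate(input: $input) {
      customer { id email }
      customerUserErrors { code field message }
    }
  }`;

// Build the fetch() arguments for a Storefront API call. The token is the Storefront
// access token of the custom app that holds unauthenticated_write_customers.
function buildCustomerCreateRequest({ shopDomain, apiVersion, storefrontToken, email, password }) {
  return {
    url: `https://${shopDomain}/api/${apiVersion}/graphql.json`,
    init: {
      method: 'POST',
      headers: {
        'Content-Type': 'application/json',
        'X-Shopify-Storefront-Access-Token': storefrontToken,
      },
      body: JSON.stringify({ query: CUSTOMER_CREATE, variables: { input: { email, password } } }),
    },
  };
}

// Separate the failure layers: HTTP credentials, GraphQL scope check, input validation.
// Assumption: a scope failure carries extensions.code "ACCESS_DENIED" or the message quoted in the thread.
function classifyResponse(status, body) {
  if (status === 401) {
    return { ok: false, layer: 'http-auth', detail: 'HTTP 401: credentials rejected' };
  }
  if (status !== 200) return { ok: false, layer: 'http', detail: `HTTP ${status}` };
  const denied = (body.errors || []).find(
    (e) => (e.extensions && e.extensions.code === 'ACCESS_DENIED') || /access denied/i.test(e.message || '')
  );
  if (denied) return { ok: false, layer: 'scope', detail: denied.message };
  if (body.errors && body.errors.length) return { ok: false, layer: 'graphql', detail: body.errors[0].message };
  const result = body.data && body.data.customerCreate;
  if (!result) return { ok: false, layer: 'graphql', detail: 'no customerCreate payload' };
  const userErrors = result.customerUserErrors || [];
  if (userErrors.length) {
    return { ok: false, layer: 'input', detail: userErrors.map((e) => e.code).join(',') };
  }
  return { ok: true, layer: null, customerId: result.customer.id };
}
```

In a Next.js route handler, pass `url` and `init` to `fetch()` and hand the status and parsed JSON to `classifyResponse` so that a token problem and a missing scope are logged as distinct failures.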