Focuses on API authentication, access scopes, and permission management.
Hi,
I'm building a custom storefront app for a Shopify app and I've been using Postman to save and test my Storefront API requests for the past couple of weeks. Today I tested some API calls in quick succession. First few calls were successful. Then all calls started returning 403 Access Denied error.
I thought it might have been due to me testing the API calls too quickly so I waited for about 6 hours to try again but no luck still. I tried to send the API calls from RapidAPI (another API testing tool like Postman) and I still get the same error. Here are the response headers I receive.
Strangely a fellow developer of mine who's not at the same location as myself is not facing this issue. I'm not sure what caused this or how to resolve this. Any help would be greatly appreciated.
Hi Cenisuru,
A 403 Access Denied error usually indicates an issue with the permissions, not with the rate limits. Here are a few things you can check:
Incorrect Access Token: Check if you are using the correct access token. If the access token is incorrect, you'll receive a 403 error.
Storefront API Scope: Make sure your app has the necessary Storefront API scopes. If your app doesn't have the required permissions, Shopify will return a 403 error.
IP Restrictions: Check if there are any IP restrictions set up your access token. If your IP is not whitelisted, you might receive a 403 error.
You could also try running the same request in terminal with a curl request or similar, with your API key to see if there's some configuration issue on Postman which could be causing this.
Hope this helps!
Liam | Developer Advocate @ Shopify
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution
- To learn more visit Shopify.dev or the Shopify Web Design and Development Blog
Thanks for the response, Liam. My IP might have been flagged by Cloudfront. I just re-tried today and it looks like the restriction has been lifted. Now I can send API calls again on Postman.