Access denied when create bulk operation query all orders using Shopify GraphQL Admin API

ShengLong · ‎11-02-2023

We are trying to submit our app and the review team ran into a problem that does not happen when we test the app with our development store. The app was trying to create a bulk operation to query all orders and it failed with the following error:

  2023-10-30 14:24:21:   {
  2023-10-30 14:24:21:     headers: {
  2023-10-30 14:24:21:       host: 'forecast.2-b.app',
  2023-10-30 14:24:21:       'x-forwarded-for': '34.73.119.92',
  2023-10-30 14:24:21:       connection: 'close',
  2023-10-30 14:24:21:       'content-length': '195',
  2023-10-30 14:24:21:       'user-agent': 'Shopify-Captain-Hook',
  2023-10-30 14:24:21:       accept: '*/*',
  2023-10-30 14:24:21:       'accept-encoding': 'gzip;q=1.0,deflate;q=0.6,identity;q=0.3',
  2023-10-30 14:24:21:       'content-type': 'application/json',
  2023-10-30 14:24:21:       'x-shopify-api-version': '2023-07',
  2023-10-30 14:24:21:       'x-shopify-hmac-sha256': 'e2rowUaWcgwRngCCcE3eNZA02UCvy/KtlwlFsTbfpS8=',
  2023-10-30 14:24:21:       'x-shopify-shop-domain': 'eb0ac1-2.myshopify.com',
  2023-10-30 14:24:21:       'x-shopify-topic': 'bulk_operations/finish',
  2023-10-30 14:24:21:       'x-shopify-triggered-at': '2023-10-30T14:24:19.591861009Z',
  2023-10-30 14:24:21:       'x-shopify-webhook-id': '5a7488ac-e102-4b0a-baa5-ea1d755361e9'
  2023-10-30 14:24:21:     },
  2023-10-30 14:24:21:     body: {
  2023-10-30 14:24:21:       admin_graphql_api_id: 'gid://shopify/BulkOperation/1230569865238',
  2023-10-30 14:24:21:       completed_at: null,
  2023-10-30 14:24:21:       created_at: '2023-10-30T22:24:19+08:00',
  2023-10-30 14:24:21:       error_code: 'access_denied',
  2023-10-30 14:24:21:       status: 'failed',
  2023-10-30 14:24:21:       type: 'query'
  2023-10-30 14:24:21:     }
  2023-10-30 14:24:21:   }

It look like that we lack some permission to create a bulk operation. We have the following scopes: read_products,read_orders,read_all_orders,read_inventory. We also have request for Read all orders scope and Protected customer data access as the attached photos and it does work with our development stores. Can you please help us to figure out what we are missing here? Thanks.

Liam · ‎11-06-2023

Hi ShengLong,

Yes - I think that might be the problem. There should be info in the email sent to you on what changes are required for your app.

Liam | Developer Advocate @ Shopify
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution
- To learn more visit Shopify.dev or the Shopify Web Design and Development Blog

View solution in original post

Liam · ‎11-02-2023

Hi ShengLong,

It does indeed look like there's a permissions issue happening here. When Shopify's review team is assessing your app, they'll go through the installation process and grant permissions based on the scopes you've requested.

When you say "We have the following scopes: read_products,read_orders,read_all_orders,read_inventory" Are these just manually enabled on your dev store or are you making requests for these scopes upfront during the initial installation?

Liam | Developer Advocate @ Shopify
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution
- To learn more visit Shopify.dev or the Shopify Web Design and Development Blog

ShengLong · ‎11-02-2023

Thank you for your attention. Those are the scopes that we used to do OAuth with. Again, they are exactly the following

'read_products,read_orders,read_all_orders,read_inventory'.

Liam · ‎11-03-2023

For the protected customer data, are you requesting access via this method?

Liam | Developer Advocate @ Shopify
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution
- To learn more visit Shopify.dev or the Shopify Web Design and Development Blog

ShengLong · ‎11-04-2023

We requested, and then they said that the request will be reviewed on app submitting. Today, I went there to check and here is what I saw

Is that the problem?

Thank you for your time.

Liam · ‎11-06-2023

Hi ShengLong,

Yes - I think that might be the problem. There should be info in the email sent to you on what changes are required for your app.

Liam | Developer Advocate @ Shopify
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution
- To learn more visit Shopify.dev or the Shopify Web Design and Development Blog

kkang · ‎12-14-2023

Have you able to fix this issue? I had the same issue with order's bulk export, and I have all the permissions granted. After some debugging runs, I found out that I need to have a lower bound for search queries.

If my queries begins with an upper bound, or no bound, the job will receive a access_denied error code. E.g. query:

mutation {

bulkOperationRunQuery(

query: """

{

orders(query:"created_at:<2023-09-14") {

...

If the query has an lower bound, it will be fine. E.g.

mutation {

bulkOperationRunQuery(

query: """

{

orders(query:"created_at:>=2023-06-14 AND created_at:<2023-09-14") {

...

Is this a cost related issue? The mystery is, that takes places for one of my testing app, not for all apps.