Creating Draft Order using GraphQL, getting Access denied error

Creating Draft Order using GraphQL, getting Access denied error

Namita
Shopify Partner
6 0 1

I checked scopes for my store and write_draft_orders is already there still getting below error

can you please help me to solve this

error message from shopify

 

{
    "errors": [
        {
            "message": "Access denied for draftOrderCreate field. Required access: `write_draft_orders` access scope. Also: The user must have access to manage draft orders.",
            "locations": [
                {
                    "line": 5,
                    "column": 13
                }
            ],
            "path": [
                "draftOrderCreate"
            ],
            "extensions": {
                "code": "ACCESS_DENIED",
                "documentation": "https://shopify.dev/api/usage/access-scopes",
                "requiredAccess": "`write_draft_orders` access scope. Also: The user must have access to manage draft orders."
            }
        }
    ],
    "data": {
        "draftOrderCreate": null
    },
    "extensions": {
        "cost": {
            "requestedQueryCost": 10,
            "actualQueryCost": 10,
            "throttleStatus": {
                "maximumAvailable": 2000.0,
                "currentlyAvailable": 1990,
                "restoreRate": 100.0
            }
        }
    }
}
Reply 1 (1)

ShopifyDevSup
Shopify Staff
1453 238 511

Hi @Namita,


If the app does have the required write_draft_orders scope, it's also important to know that if you are making the call from an embedded app in the Shopify Admin, including the Shopify GraphiQL App, the staff member that is logged into the admin when making the call does also need to have the write_draft_orders permission as well. You can review staff permissions in the admin following these Help Center documentation, ensuring the staff has the view and create and edit permissions for Draft Orders.
 

If you've confirmed that the issue is not due to the user or app permissions we can definitely help you look into this further, though we will need you to reach out to our Support Team directly to help authenticate on the store and look into this further with specific examples.

If you can please gather the following context to provide to our support team:

 

  • Which App is making the API call? (URL of app in store admin is best)
  • Is the issue happening for multiple stores or just one? Please include one or more specific store URL's.
  • What version of the API is being used? eg. 2023-10 [Shopify API Versioning]
  • What is the scope of the issue? eg. Is it happening only via the API or is there an aspect that affects the admin or storefront as well?
  • Is this issue occurring when making the call via a different API client like Postman or via a direct CURL call?
  • Please provide us with some details on a specific example where this occurred in the last 14 days, including:
    • Timestamp when this occurred
    • Full HTTP Request Body and Headers (no private keys or access tokens shared)
    • Full HTTP Response Body and Headers (no private keys or access tokens shared)
    • if you are unable to provide the full response, please be sure to provide at least the timestamp and the x-request-id from the response headers to help us find the call in our internal logs
       

Once you've gathered the information above, please do reach out via our  Shopify Help Center, and our Support Team can help with further troubleshooting.

 

I hope this helps, and I hope you have a great day 🙂

Developer Support @ Shopify
- Was this reply helpful? Click Like to let us know!
- Was your question answered? Mark it as an Accepted Solution
- To learn more visit Shopify.dev or the Shopify Web Design and Development Blog