Our Partner & Developer boards on the community are moving to a brand new home: the .dev community forums! While you can still access past discussions here, for all your future app and storefront building questions, head over to the new forums.

Permissions missing for GraphiQL

Solved

Permissions missing for GraphiQL

Laurentiu23
Shopify Partner
6 0 1

Hi everyone,

 

I am looking into the returns management capabilities of the Admin GraphQL API. I am experimenting with various queries and mutations using the Shopify GraphiQL App.

 

I am using the unstable version of the API, since that is the only one supporting returns-related queries and mutations.

 

For a lot of the queries, I am getting "access denied" errors (samples below). It seems like the GraphiQL app does not have the correct scope assigned (write_returns for example). However, I can find no way to edit those scopes. 

 

Note that this works for the API key I have generated to hit this endpoint using Postman/other apps. However, I need to edit GraphiQL's permissions, so I can also get the schema and auto-fill feature.

 

Did anyone else encounter this/Knows a fix for it? Thanks.

 

Sample query:

 

{
  returnableFulfillments (orderId: "gid://shopify/Order/1234") {
    edges {
      node {
        id
      }
    }
  }
}

Sample response:

 

{
  "data": null,
  "errors": [
    {
      "message": "Access denied for returnableFulfillments field.",
      "locations": [
        {
          "line": 2,
          "column": 3
        }
      ],
      "path": [
        "returnableFulfillments"
      ],
      "extensions": {
        "code": "ACCESS_DENIED",
        "documentation": "https://shopify.dev/api/usage/access-scopes"
      }
    }
  ],
  "extensions": {
    "cost": {
      "requestedQueryCost": 2,
      "actualQueryCost": 2,
      "throttleStatus": {
        "maximumAvailable": 1000,
        "currentlyAvailable": 998,
        "restoreRate": 50
      }
    }
  }
}

 

Accepted Solution (1)
ShopifyDevSup
Shopify Staff
1453 238 518

This is an accepted solution.

Hi Laurentiu23,

 

That's correct the Shopify GraphiQL Explorer App doesn't have access to the returns scopes at this time. 

 

Currently the next simplest alternative would be to [create a store based custom app] and use the secret key from that in an API testing tool like [Insomnia] or [Postman]. 

 

The read_returns and write_returns scopes are available [in the Admin API scope selection list] for store based custom apps.

Developer Support @ Shopify
- Was this reply helpful? Click Like to let us know!
- Was your question answered? Mark it as an Accepted Solution
- To learn more visit Shopify.dev or the Shopify Web Design and Development Blog

View solution in original post

Replies 4 (4)

ShopifyDevSup
Shopify Staff
1453 238 518

Hi Laurentiu23,

 

There's a Returns API in beta right now [public announcement] [documentation] which is why it's only available in the unstable version and it's not recommended for production use yet. 

 

The returnableFulfillments query looks at [the ReturnableFulfillment object] which requires a new read_returns access scope in addition to read_orders or read_marketplace_orders to be able to read it so adding that scope to the app that's testing should get it working.

 

 

Developer Support @ Shopify
- Was this reply helpful? Click Like to let us know!
- Was your question answered? Mark it as an Accepted Solution
- To learn more visit Shopify.dev or the Shopify Web Design and Development Blog

Laurentiu23
Shopify Partner
6 0 1

Hi, thank you for your reply. 

So the app (GraphiQL) only has the current production scopes, but not the new return ones? I don't quite understand how to update the scopes for this app? There is an "app settings" menu where I can see its current scopes, but I can't edit them. Neither could I select them when installing the GraphiQL app.

ShopifyDevSup
Shopify Staff
1453 238 518

This is an accepted solution.

Hi Laurentiu23,

 

That's correct the Shopify GraphiQL Explorer App doesn't have access to the returns scopes at this time. 

 

Currently the next simplest alternative would be to [create a store based custom app] and use the secret key from that in an API testing tool like [Insomnia] or [Postman]. 

 

The read_returns and write_returns scopes are available [in the Admin API scope selection list] for store based custom apps.

Developer Support @ Shopify
- Was this reply helpful? Click Like to let us know!
- Was your question answered? Mark it as an Accepted Solution
- To learn more visit Shopify.dev or the Shopify Web Design and Development Blog

Laurentiu23
Shopify Partner
6 0 1

Hello,

 

Thank you, that makes sense. And it fully answers my question. 😄

 

For anyone else that might encounter this issue in the future, note that Insomnia is my client of choice, because it correctly obtains the schema from the server, allowing me to figure out how to build queries and mutations in the app. I have not managed to make this work in Postman.