Solved

403 response when using Shopify-Storefront-Private-Token (DelegateAccessToken)

intelli-ua
Shopify Partner

Hi all,

I'm working on an app that needs to perform actions on behalf of a customer, which requires the `unauthenticated_write_customers` scope. The app has such scope, so it has been used during the installation on the dev store I'm using.

I have been able to request a delegate access token correctly with such a scope (tried both GraphQL and REST). However, when using the token in a GraphQL request to the Storefront API I'm always receiving a 403 response with no body (thus no explanation of what went wrong).

Include your delegate access token as a Shopify-Storefront-Private-Token header on requests from a server, such as the backend of a Hydrogen site.

Can someone help me to understand what I'm missing?

X-Request-ID: `90821ac8-eaf1-4eaf-94af-3e7e5fbea931`

Thank you in advance!

UPD: I went back & forth with this and it seems that lots of Storefront API requests are not available for apps that are not Sales Channels (like my app). I would appreciate it if someone from @Shopify can confirm that the issue here is that my app is not a sales channel. If this is true, the situation is very unfortunate, since my app doesn't require any sales channel features, it only works with the customer accounts part of the Storefront API. Some clarification from the Shopify team is required here.

Replies 6 (6)

0xrandom
Visitor

Would love a follow up here since I'm running into the exact same issue

hyperlab
Shopify Partner

Any news/insights? We are having the same issue. Shopify should urgently provide some docs on how this should work. Running Storefront API requests from a server is effectively unusable unless you have a very low-traffic site.

_JCC_
Shopify Staff

This is an accepted solution.

Thanks for your question about this. We're rolling this out incrementally. The first priority was for Hydrogen, and is also why you're able to find general details in our docs. Once we're at 100% rollout we'll update the developer changelog, and provide additional documentation on how to properly utilize the request headers you've identified.

I don't have an exact timeline to share today, and while things can change, I feel fairly confident that you'll see this be fully available later this quarter.

John C | Developer Support @ Shopify

dkchacra
Visitor

So what is the suggested solution for now?

Use the header from the client side?

X-Shopify-Storefront-Access-Token: "Access Token"

_JCC_
Shopify Staff

Yes. If not building with Hydrogen, server-side data fetching without risking being rate limited isn't yet fully possible. Storefront API requests happening client side with a non-delegate access token provided to the X-Shopify-Storefront-Access-Token is the preferred approach for now.

John C | Developer Support @ Shopify

_JCC_
Shopify Staff

This is an accepted solution.

Hey everyone 👋. We're now live 😀 🎊. Change log entry has been posted here with links to documentation.

John C | Developer Support @ Shopify 
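
An added example, not part of the thread and not Shopify's code: it shows the two token headers discussed above kept apart, with the delegate token refused in browser code, and a response summary that preserves `X-Request-ID` when a 403 comes back with no body. The function names are hypothetical, and the shop domain, API version and token are placeholders; the `/api/{version}/graphql.json` path is the Storefront API GraphQL endpoint.

```javascript
// Added example. Function names are hypothetical; shop, apiVersion and token are placeholders.
const PRIVATE_HEADER = 'Shopify-Storefront-Private-Token';  // delegate access token: server only
const PUBLIC_HEADER = 'X-Shopify-Storefront-Access-Token';  // public token: usable client side

function buildStorefrontRequest({
  shop, apiVersion, token, tokenKind, query, variables = {},
  inBrowser = typeof window !== 'undefined',
}) {
  if (tokenKind !== 'private' && tokenKind !== 'public') {
    throw new Error(`unknown tokenKind: ${tokenKind}`);
  }
  // A delegate access token in browser code is readable by every visitor.
  if (tokenKind === 'private' && inBrowser) {
    throw new Error('private (delegate) token must stay on the server');
  }
  const authHeader = tokenKind === 'private' ? PRIVATE_HEADER : PUBLIC_HEADER;
  return {
    url: `https://${shop}/api/${apiVersion}/graphql.json`,
    init: {
      method: 'POST',
      headers: { 'Content-Type': 'application/json', [authHeader]: token },
      body: JSON.stringify({ query, variables }),
    },
  };
}

// headers: plain object with lower-case keys, e.g. Object.fromEntries(response.headers).
// A 403 can arrive with an empty body, so the request ID is the only handle for support.
function summarizeResponse(status, headers, bodyText) {
  const requestId = headers['x-request-id'] || null;
  if (status === 403 && !bodyText) {
    return { ok: false, requestId, reason: 'forbidden-no-body' };
  }
  if (status < 200 || status >= 300) {
    return { ok: false, requestId, reason: `http-${status}` };
  }
  let parsed;
  try {
    parsed = JSON.parse(bodyText);
  } catch (err) {
    return { ok: false, requestId, reason: 'invalid-json' };
  }
  if (Array.isArray(parsed.errors) && parsed.errors.length > 0) {
    return { ok: false, requestId, reason: 'graphql-errors', errors: parsed.errors };
  }
  return { ok: true, requestId, data: parsed.data };
}
```

The `url` and `init` values can be passed straight to `fetch(url, init)`; log the returned `requestId` rather than the token when a request fails.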