Dedicated to the Hydrogen framework, headless commerce, and building custom storefronts using the Storefront API.
I'm having trouble running the "products" query in the Storefront GraphQL API. This is the error I'm getting:
{ errors: [ { message: 'Access denied for products field.' } ] }
This is the query:
query ($query: String!, $first: Int, $last: Int, $after: String, $before: String) { products(query: $query, first: $first, last: $last, after: $after, before: $before) { pageInfo { hasNextPage } edges { cursor node { id title handle } } } }
Received an error response (400 Bad Request) from Shopify: [ "Api permission exceeds public access token limit of: 100" ] If you report this error, please include this id: **ID redacted**
Solved! Go to the solution
This is an accepted solution.
Hi Rpbiwer,
Thanks for your post. To access information on products through the Storefront API the 'unauthenticated_read_product_listings' scope is required. There's a helpful chart about which unauthenticated scopes are required for access to different objects here: [Storefront API Unauthenticated Scopes - Shopify Dev Docs]
For the message about the token limit of 100, there is a limit of 100 active Storefront API access tokens per app per shop so you'll need to delete at least one existing token to be able to create a new one. That only appears to be mentioned in the REST API docs right now so we'll look into having this detail added to the GraphQL API docs as well, more info: [StorefrontAccessToken in REST API - Shopify Dev Docs]
Hope you have a great day,
Jon551 | API Support @ Shopify
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution
- To learn more visit Shopify.dev or the Shopify Web Design and Development Blog
This is an accepted solution.
Hi Rpbiwer,
Thanks for your post. To access information on products through the Storefront API the 'unauthenticated_read_product_listings' scope is required. There's a helpful chart about which unauthenticated scopes are required for access to different objects here: [Storefront API Unauthenticated Scopes - Shopify Dev Docs]
For the message about the token limit of 100, there is a limit of 100 active Storefront API access tokens per app per shop so you'll need to delete at least one existing token to be able to create a new one. That only appears to be mentioned in the REST API docs right now so we'll look into having this detail added to the GraphQL API docs as well, more info: [StorefrontAccessToken in REST API - Shopify Dev Docs]
Hope you have a great day,
Jon551 | API Support @ Shopify
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution
- To learn more visit Shopify.dev or the Shopify Web Design and Development Blog
Thanks @jon551!
Re: the token limit: I did something stupid and generated a bunch of Storefront API tokens without saving them. I did so while I was just playing around with the API, before I read the documentation and developed an understanding of the Storefront API token lifecycle.
My understanding now is that Storefront API tokens are long-lived and I generally should have little to no need to request new tokens, is that correct?
Is there any way to delete API tokens that I no longer have access to?
Actually I think you've already answered my last question – the API you linked to includes a GET endpoint which lists the existing tokens.
Hi Rpbiwer,
Thanks for your reply. Yes that's correct, also a GraphQL query on [Shop.storefrontAccessTokens] is another way to list the ones associated with the app and there's a [storefrontAccessTokenDelete mutation] to help with removing them.
Hope you have a great day,
Jon551 | API Support @ Shopify
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution
- To learn more visit Shopify.dev or the Shopify Web Design and Development Blog