Solved

Error executing "products" query in Storefront API

rpbiwer
Shopify Partner
19 0 6

I'm having trouble running the "products" query in the Storefront GraphQL API. This is the error I'm getting:

 

 

{ errors: [ { message: 'Access denied for products field.' } ] }

 

 

This is the query:

query ($query: String!, $first: Int, $last: Int, $after: String, $before: String) {
  products(query: $query, first: $first, last: $last, after: $after, before: $before) {
    pageInfo {
      hasNextPage
    }

    edges {
      cursor
      node {
        id
        title
        handle
      }
    }
  }
}
 
I'm using, as far as I'm aware, the required `unauthenticated_read_content` scope.
 
Another error I encountered was when I tried to create a new Storefront API token:
 
    Received an error response (400 Bad Request) from Shopify:
    [
      "Api permission exceeds public access token limit of: 100"
    ]
    If you report this error, please include this id: **ID redacted**
Because I'm unable to create a new Storefront API token, I'm also unable to debug my scopes.
Accepted Solution (1)

jon551
Shopify Staff
28 7 5

This is an accepted solution.

Hi Rpbiwer,

 

Thanks for your post. To access information on products through the Storefront API the 'unauthenticated_read_product_listings' scope is required. There's a helpful chart about which unauthenticated scopes are required for access to different objects here: [Storefront API Unauthenticated Scopes - Shopify Dev Docs]

 

For the message about the token limit of 100, there is a limit of 100 active Storefront API access tokens per app per shop so you'll need to delete at least one existing token to be able to create a new one. That only appears to be mentioned in the REST API docs right now so we'll look into having this detail added to the GraphQL API docs as well, more info: [StorefrontAccessToken in REST API - Shopify Dev Docs]

 

Hope you have a great day,

Jon551 | API Support @ Shopify
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit Shopify.dev or the Shopify Web Design and Development Blog

View solution in original post

Replies 4 (4)

jon551
Shopify Staff
28 7 5

This is an accepted solution.

Hi Rpbiwer,

 

Thanks for your post. To access information on products through the Storefront API the 'unauthenticated_read_product_listings' scope is required. There's a helpful chart about which unauthenticated scopes are required for access to different objects here: [Storefront API Unauthenticated Scopes - Shopify Dev Docs]

 

For the message about the token limit of 100, there is a limit of 100 active Storefront API access tokens per app per shop so you'll need to delete at least one existing token to be able to create a new one. That only appears to be mentioned in the REST API docs right now so we'll look into having this detail added to the GraphQL API docs as well, more info: [StorefrontAccessToken in REST API - Shopify Dev Docs]

 

Hope you have a great day,

Jon551 | API Support @ Shopify
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit Shopify.dev or the Shopify Web Design and Development Blog

rpbiwer
Shopify Partner
19 0 6

Thanks @jon551!

 

Re: the token limit: I did something stupid and generated a bunch of Storefront API tokens without saving them. I did so while I was just playing around with the API, before I read the documentation and developed an understanding of the Storefront API token lifecycle.

 

My understanding now is that Storefront API tokens are long-lived and I generally should have little to no need to request new tokens, is that correct?

 

Is there any way to delete API tokens that I no longer have access to?

rpbiwer
Shopify Partner
19 0 6

Actually I think you've already answered my last question – the API you linked to includes a GET endpoint which lists the existing tokens.

jon551
Shopify Staff
28 7 5

Hi Rpbiwer,

 

Thanks for your reply. Yes that's correct, also a GraphQL query on [Shop.storefrontAccessTokens] is another way to list the ones associated with the app and there's a [storefrontAccessTokenDelete mutation] to help with removing them.

 

Hope you have a great day,

Jon551 | API Support @ Shopify
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit Shopify.dev or the Shopify Web Design and Development Blog