Dedicated to the Hydrogen framework, headless commerce, and building custom storefronts using the Storefront API.
hi I'm having issues with the scope of a generated storefront access token
would anybody be able to provide a working scope request or an example of what a scope request that would look like if it were to request ALL PERMISSIONS
requesting the following with storefront access token: f4978250be371de1fe774dcb4317774b
{ shop { products(first: 30) { pageInfo { hasNextPage hasPreviousPage } edges { cursor node { id handle variants(first: 30) { edges { node { id } } } } } } } } returns: {u'data': {u'shop': {u'products': {u'edges': [], u'pageInfo': {u'hasNextPage': False, u'hasPreviousPage': False}}}}} with no products instead of the expected reusult using api setup with the following scope: 'SCOPE': 'write_products, write_inventory, read_locations, write_orders, write_customers, write_draft_orders, write_shipping, write_orders, write_checkouts, read_collection_listings, unauthenticated_read_product_listings, unauthenticated_read_product_tags, unauthenticated_write_checkouts, unauthenticated_write_customers, unauthenticated_read_customer_tags, unauthenticated_read_content' how can I configure this scope to allow the products to be returned? I would imagine the write_products would do it when I create the storefront access token it tells me it has the following permissions: unauthenticated_read_content,unauthenticated_read_customer_tags,unauthenticated_read_product_tags,unauthenticated_read_product_listings,unauthenticated_write_checkouts,unauthenticated_read_checkouts,unauthenticated_write_customers,unauthenticated_read_customers
it just works when I use a private app key with everything granted but I'm trying to remove all need for a private key as it's going to be going in the app store and that isn't reccomended
any help would be really appreciated because I'm banging my head against a wall here trying to figure out the right scope.
cheers,
Henry
Solved! Go to the solution
This is an accepted solution.
alright so the reason that it wasn't returning any products when I queried them was because either the collection or the product was not published and visible
it wasn't a scope issue after all
it would be helpful if the ghraphql query responded with an error message explaining the product is not published if the variantid isn't found
Any help would be most appreciated, I've been playing around, and I seem to be able to update existing carts with the new storefront access token, but not able to create new carts from scratch via graphql. It returns a null value, are their different permission scopes for creating carts and updating them?
confused and seeking a light
henry
This is an accepted solution.
alright so the reason that it wasn't returning any products when I queried them was because either the collection or the product was not published and visible
it wasn't a scope issue after all
it would be helpful if the ghraphql query responded with an error message explaining the product is not published if the variantid isn't found