Hello,
I'm starting a development using the API gateway. I've already created a PUBLIC app and turned it into a sales channel. After that I entered the OAuth URL to get the permissions and code to generate the token:
https://shop.myshopify.com/admin/oauth/authorize?client_id=XXX&scope=unauthenticated_read_product_listings,unauthenticated_write_checkouts,unauthenticated_write_customers,unauthenticated_read_customer_tags,unauthenticated_read_content,unauthenticated_read_product_tags&redirect_uri=https://XXX&state=nonce1
After that, I created the token:
POST https://shop.myshopify.com/admin/oauth/access_token
{
  "client_id": "XXX",
  "client_secret": "shpss_YYY",
  "code": "TTT"
}
This request returned a JSON that looked like this:
{
  "access_token": "shpat_CCC",
  "scope": "unauthenticated_read_product_listings,unauthenticated_write_checkouts,unauthenticated_write_customers,unauthenticated_read_customer_tags,unauthenticated_read_content,unauthenticated_read_product_tags"
}
Now when I try to run any route from the storefront API, for example:
POST https://shop.myshopify.com/api/2021-10/graphql.json
Header -> X-Shopify-Storefront-Access-Token: shpat_CCC
{
  products(first:5) {
    edges {
      node {
        id
      }
    }
  }
}
I get a 403 Forbidden error. Has anyone ever experienced this? Can you help me solve it?
This is an accepted solution.
Hey @leonardovilarin,
Just wanted to follow up and ask if you are still facing this 403 error?
From the info shared, it appears you may be using an "access_token" - An API access token that can be used to access the shop’s data as long as your app is installed. Your app should store the token somewhere to make authenticated requests for a shop’s data.
An access token generated in the OAuth process differs from a storefront access token, and these are not interchangeable.
As long as your app has been made into a Sales Channel and requested the correct scopes through OAuth, the next step would be a request to the Admin API through a REST call or via GraphQL to generate a new storefront access token. For more insights, I would suggest working through our Storefront API getting started guide here as well as taking a look through the Storefront API learning kit for more details.
Hope that offers a good start - Cheers!
awwdam | API Support @ Shopify
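The two-step flow described in the accepted answer, as an added example that is not part of the reply and is not Shopify's own code: the OAuth `access_token` is sent only to the Admin API to mint a storefront access token, and only that new token goes in the `X-Shopify-Storefront-Access-Token` header. It assumes the Admin REST resource `storefront_access_tokens.json`; the title and the sample response are constructed placeholders.

```python
import json
import urllib.request

API_VERSION = "2021-10"  # API version used in the question

def create_storefront_token_request(shop, admin_token, title):
    """Step 1 (server side): Admin API call that mints a storefront access token."""
    return urllib.request.Request(
        f"https://{shop}/admin/api/{API_VERSION}/storefront_access_tokens.json",
        data=json.dumps({"storefront_access_token": {"title": title}}).encode(),
        headers={"Content-Type": "application/json",
                 "X-Shopify-Access-Token": admin_token},  # OAuth access_token
        method="POST",
    )

def extract_storefront_token(body):
    """Pull the new token out of the Admin API JSON response."""
    return json.loads(body)["storefront_access_token"]["access_token"]

def storefront_query_request(shop, storefront_token, query):
    """Step 2: Storefront API call. Refuses Admin credentials by prefix."""
    if storefront_token.startswith(("shpat_", "shpss_")):
        raise ValueError("Admin access token or app secret is not a storefront token")
    return urllib.request.Request(
        f"https://{shop}/api/{API_VERSION}/graphql.json",
        data=json.dumps({"query": query}).encode(),
        headers={"Content-Type": "application/json",
                 "X-Shopify-Storefront-Access-Token": storefront_token},
        method="POST",
    )

PRODUCTS_QUERY = "{ products(first: 5) { edges { node { id } } } }"

# Constructed sample of the step 1 response body; all values are placeholders.
SAMPLE_RESPONSE = json.dumps({"storefront_access_token": {
    "access_token": "SFT_PLACEHOLDER",
    "access_scope": "unauthenticated_read_product_listings",
    "title": "Headless storefront"}})

if __name__ == "__main__":
    shop = "shop.myshopify.com"  # placeholder shop domain from the question
    step1 = create_storefront_token_request(shop, "shpat_CCC", "Headless storefront")
    print(step1.get_method(), step1.full_url)
    # Against a real shop: body = urllib.request.urlopen(step1).read()
    token = extract_storefront_token(SAMPLE_RESPONSE)
    step2 = storefront_query_request(shop, token, PRODUCTS_QUERY)
    print(step2.get_method(), step2.full_url)
```

The prefix check also keeps the Admin token out of client-side code: the storefront token is the one intended for browsers and mobile apps, while the `shpat_` token and `shpss_` secret stay on the server.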
@awwdam I've been looking for a solution for a similar problem with Shopify Storefront API. The documentation (https://shopify.dev/api/storefront) doesn't specify that the app should necessarily be a Sales Channel to use the API.
If we try to get storefront access token with a regular app, the API will return us:
Hi! Do we have to convert it to a Sales Channel? What if it's a Checkout UI extension? Thanks!
I also always get status 403 Forbidden for the Storefront API from Postman and even from my Vue app.
Hi,
I am building a public app, and now I am struggling with how to turn my public app into a sales channel? Could you help me? Thank you so much!