What's your biggest current challenge? Have your say in Community Polls along the right column.
Our Partner & Developer boards on the community are moving to a brand new home: the .dev community forums! While you can still access past discussions here, for all your future app and storefront building questions, head over to the new forums.

Storefront API returns 403 even with "X-Shopify-Storefront-Access-Token"

Storefront API returns 403 even with "X-Shopify-Storefront-Access-Token"

kkBloomreach
Tourist
5 0 4

This seems to be similar to "https://community.shopify.com/c/Shopify-APIs-SDKs/Accessing-Storefront-API-with-curl-and-GraphiQL-wo...

As explained in that related post, we have taken care of permissions as well. Still status is 403. Following is the fetch call:

let END_POINT_RAW="https://<shopname>.myshopify.com/api/2021-01/graphql.json"

function fetchBody_SHOP () {
 return {
      'method': 'POST',
      'crossDomain': true,
      'async': true,
      'mode': 'no-cors',
      'headers': {
             'Content-Type': 'application/graphql',
             'X-Shopify-Storefront-Access-Token': '<storefront_access_token>',
       },
       'body': 'query { shop { name } }'
  };
}

function respCallback (res) {
      if (!res.ok) {
           console.log ("resp not ok");
      } else {
           console.log ("resp ok");
      }
}

const result = fetch (END_POINT_RAW, fetchBody_SHOP ())
                                .then (res => respCallback (res))
                                .catch (err => errCallback (err));

Error msg (displayed in chrome-debugger-console):

https://<shopname>.myshopify.com/api/2021-01/graphql.json - 403

resp not ok

The 'res' object type is "opaque". So, don't know what further needs to be changed/adjusted/

Interesting to note, if we use the https url with API_KEY and API_PASSWORD, we do receive expected data.

"https://%s:%s@%s.myshopify.com/admin/api/%s/graphql.json" % (API_KEY, API_PASSWORD, SHOP_NAME, API_VERSION)

However using the "X-Shopify-Storefront-Access-Token" in fetch method, we get 403.

 

Replies 3 (3)

CalD
Shopify Staff
140 22 36

Hey @kkBloomreach,

Can you send over a request-id for an example request that returned this in the last 10 days?

CalD | Developer Support @ Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit Shopify.dev or the Shopify Web Design and Development Blog

kkBloomreach
Tourist
5 0 4

How / where can I find the 'request-id' ? I just re-ran the code and it still returns 403

 

CalD
Shopify Staff
140 22 36

Hi @kkBloomreach,

The 'x-request-id' is a response header returned from the API. You're using an opaque response, so you likely won't be able to log this from your app, but can you try to make requests to the storefront API and that storefront access token with an API client of your choice like Postman or Insomnia?

CalD | Developer Support @ Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit Shopify.dev or the Shopify Web Design and Development Blog