Unauthenticated Storefront API returns 403

Shopify Partner
6 0 2

According to https://shopify.dev/api/storefront#development_frameworks_and_sdks ,

when I'm calling out to the Storefront API using an unauthenticated request to get a list of products:

eg. https://shopify.dev/api/storefront/2022-10/objects/product

and I get a 403 response, that means my store is... forbidden and marked as fraudulent? How can this be and how can I mark it safe? It's a development store. Thanks!


I've tried both queries and mutations and both have resulted in 403's. Any suggestions appreciated, I thought as long as the app has the right scopes, we can request the unauthenticated APIs no problem?

Reply 1 (1)

Shopify Partner
24 1 3

Did you get to the bottom of this? I have a production app and a staging version, the later of which is currently throwing a 403 on the StoreFront API. There's a valid session etc, and the same app works fine in another dev store.


My hunch is it's something store related, rather than the app itself.


For context, I'm using the Shopify Remix app framework, so all of this should "Just Work".


Would be interested to hear how you solved it.