Shopify APIs and SDKs

Borbit · ‎09-17-2019

Hi, I made all the steps to be able to use the call POST /admin/api/2019-07/storefront_access_tokens.json

Unfortunately, I got the error {"errors": "Token must be service access."}

I tried this call manually using the X-Shopify-Access-Token generated by app (token still valid of course). The app is already a sales channel and unauthenticated_... scopes have already been added.

Please help to figure it out. App id: 3143539

hassain · ‎09-20-2019

Hey @Borbit ,

As you may have learned from this thread, there are three conditions that would cause this "Token must be service access" error to be thrown:

1. Your access token is a per-user online access token

2. Your access token is a delegate access token

3. There is a unexpired refresh token that exists

From looking through our internal dashboard for the App ID of 3143539, as well as looking through our log files and database records for this app's API access tokens, I was able to determine that the API access tokens that were used to make the POST Request for creating Storefront Access Tokens were indeed per-user online access token. This means that the parameter "access_mode=per_user" was explicitly set during the authorization phase when generating this API access token, and that this access token will be linked to a individual user on a store (i.e. it will expire after the lifespan of the user’s web session and it will return HTTP 403 Status Code if the token is valid but the user does not have access).

The solution here would be to generate a new API access token for your App with the parameter of "access_mode" being left blank or omitted during the authorization phase. After this you should have no issues being able to make a POST Request with this API access token in order to create a StoreFront Access Token.

Hassain | Developer Support Specialist @ Shopify
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Click Accept as Solution

View solution in original post

hassain · ‎09-20-2019

Hey @Borbit ,

As you may have learned from this thread, there are three conditions that would cause this "Token must be service access" error to be thrown:

1. Your access token is a per-user online access token

2. Your access token is a delegate access token

3. There is a unexpired refresh token that exists

From looking through our internal dashboard for the App ID of 3143539, as well as looking through our log files and database records for this app's API access tokens, I was able to determine that the API access tokens that were used to make the POST Request for creating Storefront Access Tokens were indeed per-user online access token. This means that the parameter "access_mode=per_user" was explicitly set during the authorization phase when generating this API access token, and that this access token will be linked to a individual user on a store (i.e. it will expire after the lifespan of the user’s web session and it will return HTTP 403 Status Code if the token is valid but the user does not have access).

The solution here would be to generate a new API access token for your App with the parameter of "access_mode" being left blank or omitted during the authorization phase. After this you should have no issues being able to make a POST Request with this API access token in order to create a StoreFront Access Token.

Hassain | Developer Support Specialist @ Shopify
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Click Accept as Solution