Shopify APIs and SDKs

heisenbaby · ‎08-09-2021

Hello,

I have created a public app with sales channel enabled and am trying to generate the storefront API access token but keep getting a status code 403 with following response body:

POST /admin/api/2021-07/storefront_access_tokens.json

x-request-id: (41437402-df7a-42cc-b88d-8e98cc3270ad)

{

"errors": "Token must be eligible to manage storefront tokens."

}.

The Admin API has the following scopes so i'm not sure what is missing or incorrect. Any ideas?

Admin API (https://{shop}/admin/api/2019-10/graphql.json) Request:
{
  appInstallation {
    accessScopes {
      handle
      description
    }
  }
}

Response:
{
    "data": {
        "appInstallation": {
            "accessScopes": [
                {
                    "handle": "read_product_listings",
                    "description": "Read product information"
                },
                {
                    "handle": "read_orders",
                    "description": "Read orders, transactions, and fulfillments"
                },
                {
                    "handle": "read_shipping",
                    "description": "Read shipping rates, countries, and provinces"
                },
                {
                    "handle": "write_content",
                    "description": "Modify store content like articles, blogs, comments, pages, and redirects"
                },
                {
                    "handle": "write_products",
                    "description": "Modify products, variants, and collections"
                },
                {
                    "handle": "write_customers",
                    "description": "Modify customer details and customer groups"
                },
                {
                    "handle": "write_draft_orders",
                    "description": "Modify draft orders"
                },
                {
                    "handle": "unauthenticated_read_customer_tags",
                    "description": "Read customer tags"
                },
                {
                    "handle": "unauthenticated_read_content",
                    "description": "Read store content like articles, blogs, comments, pages, and redirects"
                },
                {
                    "handle": "unauthenticated_read_product_listings",
                    "description": "Read product information"
                },
                {
                    "handle": "unauthenticated_read_product_tags",
                    "description": "Read product tags"
                },
                {
                    "handle": "unauthenticated_read_collection_listings",
                    "description": "Read collection listings"
                },
                {
                    "handle": "unauthenticated_write_checkouts",
                    "description": "Modify checkouts"
                },
                {
                    "handle": "unauthenticated_write_customers",
                    "description": "Modify customer details and customer groups"
                },
                {
                    "handle": "read_content",
                    "description": "Read store content like articles, blogs, comments, pages, and redirects"
                },
                {
                    "handle": "read_products",
                    "description": "Read products, variants, and collections"
                },
                {
                    "handle": "read_customers",
                    "description": "Read customer details and customer groups"
                },
                {
                    "handle": "read_draft_orders",
                    "description": "Read draft orders"
                },
                {
                    "handle": "unauthenticated_read_checkouts",
                    "description": "Read checkouts"
                },
                {
                    "handle": "unauthenticated_read_customers",
                    "description": "Read customer details and customer groups"
                }
            ]
        }
    },
    "extensions": {
        "cost": {
            "requestedQueryCost": 2,
            "actualQueryCost": 2,
            "throttleStatus": {
                "maximumAvailable": 1000.0,
                "currentlyAvailable": 998,
                "restoreRate": 50.0
            }
        }
    }
}

awwdam · ‎08-17-2021

Hey @heisenbaby, just wanted to touch base on this to ask and share a few things here!

Apps must explicitly request access to scopes during the installation process, opposed to being updated with them.
In the case that these scope were requested/updated after installation, uninstalling and reinstalling the app is suggested.
Here is a link to our full OAuth guide, if needed for reference.

If yes to the above, here are a few questions to work through:

1. Does this persist across multiple testing and/or development stores?
2. Are you using REST or GraphQL?
3. If yes, have you tested with both using their corresponding endpoints?
4. Can you replicate this across more than one app?

Feel free to let me know once you have worked through this, and I would be happy to try and pass on any other insights if needed - Cheers!

awwdam | API Support @ Shopify
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution
- To learn more visit Shopify.dev or the Shopify Web Design and Development Blog

View solution in original post

tomwilson · ‎11-29-2021

accessMode: 'offline'

Was the key to making this work for me 😄

View solution in original post

awwdam · ‎08-17-2021

Hey @heisenbaby, just wanted to touch base on this to ask and share a few things here!

Apps must explicitly request access to scopes during the installation process, opposed to being updated with them.
In the case that these scope were requested/updated after installation, uninstalling and reinstalling the app is suggested.
Here is a link to our full OAuth guide, if needed for reference.

If yes to the above, here are a few questions to work through:

1. Does this persist across multiple testing and/or development stores?
2. Are you using REST or GraphQL?
3. If yes, have you tested with both using their corresponding endpoints?
4. Can you replicate this across more than one app?

Feel free to let me know once you have worked through this, and I would be happy to try and pass on any other insights if needed - Cheers!

awwdam | API Support @ Shopify
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution
- To learn more visit Shopify.dev or the Shopify Web Design and Development Blog

tomwilson · ‎10-06-2021

Did you ever figure this out? I have the same issue 😞

tomwilson · ‎11-29-2021

accessMode: 'offline'

Was the key to making this work for me 😄

seymur · ‎05-18-2022

Can you elaborate please ? Where should I put the

accessMode: "offline"

?

tomwilson · ‎05-18-2022

So, this may or may not be the issue you are having, as it depends how you are requesting the Shopify API access token (which you in turn use when to request a storefront token).

The default when requesting access to the Shopify API is for tokens to have offline access (https://shopify.dev/apps/auth/oauth/access-modes), But if you are using the @Shopify/koa-shopify-auth module that a lot of the sample code uses, when you request the token with createShopifyAuth, you need to specify it, as it defaults to requesting tokens with 'online' access. And those don't work to create a Storefront token - or they didn't. It was a while since I did this and it was poorly documented (hence this thread).

    createShopifyAuth({
      accessMode: 'offline',
      async afterAuth(ctx) {
       ... whatever
      }
    })

Best of luck!

Shopify APIs and SDKs

StorefrontAccessToken Request "Token must be eligible to manage storefront tokens." 403 Forbidden

Community Blog Articles

Shopify Community

Support

Shopify

Quick Links