Payment App integration

New Member
1 0 0

We created a Shopify payment App, and we already set the scope as follows in our PHP code

$scopes = 'write_payment_gateways,write_payment_sessions,write_orders,write_products,write_customers';



// Set variables for our request
$shop         = $_GET['shop'];
$scopes       = 'write_payment_gateways,write_payment_sessions,write_orders,write_products,write_customers';
$redirect_uri = '';

// Build install/approval URL to redirect to
$install_url = 'https://' . $shop . '/admin/oauth/authorize'
        . '?client_id=' . $api_key
        . '&scope=' . $scopes
        . '&redirect_uri=' . urlencode($redirect_uri)
        . '&state=st'.rand(5, 1000)
        . '&grant_options[]=per-user';

// Redirect
header('Location: ' . $install_url);

Now, when we try to call GraphQL API mutation PaymentsAppConfigure, we are always getting "You do not have permission to access this website"

// Get $api_key & $shared_secret from config.php

$params = $_GET; // Retrieve all request parameters
$hmac   = $_GET['hmac']; // Retrieve HMAC request parameter

$params = array_diff_key($params, array('hmac' => '')); // Remove hmac from params
ksort($params); // Sort params lexographically

$computed_hmac = hash_hmac('sha256', http_build_query($params), $shared_secret);

// Use hmac data to check that the response is from Shopify or not
if (!hash_equals($hmac, $computed_hmac)) {
    die('Error: invalid authentication!');
// Validate request is from valid shopify website
if (!preg_match("/\A[a-zA-Z0-9][a-zA-Z0-9\-]*\.myshopify\.com\z/", $_GET['shop'])) {
    die('Error: invalid Shop!');
// Set variables for our request
$query = array(
    "client_id"     => $api_key, // Your API key
    "client_secret" => $shared_secret, // Your app credentials (secret key)
    "code"          => $params['code'] // Grab the access key from the URL

// Generate access token URL
$access_token_url = "https://" . $params['shop'] . "/admin/oauth/access_token";

// Configure curl client and execute request
$ch     = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, $access_token_url);
curl_setopt($ch, CURLOPT_POST, count($query));
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($query));
$result = curl_exec($ch);

// Store the access token
$result = json_decode($result, true);
error_log(PHP_EOL . date('d.m.Y h:i:s') . ' - ' . 'access token: ' . print_r($result, 1), 3, 'test.log');

if (!empty($result['access_token'])) {
    // Should call an API to connect the payment app !!!
    //  https://{shop_domain}/payments_apps/api/2021-07/graphql.json
    $url = 'https://' . $params['shop'] . '/payments_apps/api/2021-07/graphql.json';

    $queryArr = [
        'query'     => 'mutation PaymentsAppConfigure($externalHandle: String, $ready: Boolean!) {
                paymentsAppConfigure(externalHandle: $externalHandle, ready: $ready) {
                    paymentsAppConfiguration {
        'variables' => [
            'externalHandle' => 'API_token_key',
            'ready'          => true

    $query = json_encode($queryArr);

    $ch     = curl_init();
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
    curl_setopt($ch, CURLOPT_POSTFIELDS, $query);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array('X-Shopify-Access-Token:' . $result['access_token'], 'Content-Type: application/json'));
    $result = curl_exec($ch);
    $err    = curl_error($ch);

    echo "<pre>";
    // 	print_r($err);
} else {
    die('Error: No response!');


Moreover, we tried to install GraphQL APP, and called the same mutation. We got "message": "PaymentsAppConfigure access denied",

Screenshot from 2021-08-25 09-08-59.png

Meanwhile, when calling any rest API using the same code or even using GraphQL, we got a successful response.

We need to know, Is there any extra scope that should be added in our Payment App implementation or we should have specific permission from Shopify partner account??

Replies 3 (3)
New Member
4 0 0


did you get it to work?

I don't know what the value should be for "externalHandle".

I notice you are using "API TOKEN", does it work?


Shopify Partner
2571 309 641

Hii @Nermeen ,

This page will help you get up and running with Shopify’s GraphQL API.

Thank You.

If helpful, please Like and Accept Solution.
if you Want to modify or Customize your theme ,
Hire us | Whatsapp. and we also help you to guide how to reach to your potential customers to increase brand presence, engagements and sales for your business or Want to know more. Read our Shopify Blogs.Email us:

PSD to Shopify | Shopify Design Changes | Shopify Custom Theme Development and Desing | Custom Modifications In to Shopify Theme | SEO & Digital Marketing
New Member
3 0 0

There are two scenarios which cause the below error.

 "errors": [
            "message": "PaymentsAppConfigure access denied",

Scenario-1: X-Shopify-Access-Token which you are passing in the request header is not a valid access token. 
Scenario-2: When ever you are working with payment apps you must request access to the below scopes which are mandatory to work with Shopify Payment App Extension.
write_payment_gateways, write_payment_sessions.
This access scopes should be requested by your public app(Payment App) during the OAuth grant screen installation process.