Re: Payment App integration

Why am I getting 'Access Denied' when integrating a payment app with PHP in Shopify?

Nermeen
Shopify Partner
6 0 4

We created a Shopify payment App, and we already set the scope as follows in our PHP code

$scopes = 'write_payment_gateways,write_payment_sessions,write_orders,write_products,write_customers';

<?php

require_once("inc/config.php");

// Set variables for our request
$shop         = $_GET['shop'];
$scopes       = 'write_payment_gateways,write_payment_sessions,write_orders,write_products,write_customers';
$redirect_uri = 'https://hostedwebsites.com/shopify-app/oauth-token.php';

// Build install/approval URL to redirect to
$install_url = 'https://' . $shop . '/admin/oauth/authorize'
        . '?client_id=' . $api_key
        . '&scope=' . $scopes
        . '&redirect_uri=' . urlencode($redirect_uri)
        . '&state=st'.rand(5, 1000)
        . '&grant_options[]=per-user';

// Redirect
header('Location: ' . $install_url);

Now, when we try to call GraphQL API mutation PaymentsAppConfigure, we are always getting "You do not have permission to access this website"

<?php
// Get $api_key & $shared_secret from config.php
require_once("inc/config.php");

$params = $_GET; // Retrieve all request parameters
$hmac   = $_GET['hmac']; // Retrieve HMAC request parameter

$params = array_diff_key($params, array('hmac' => '')); // Remove hmac from params
ksort($params); // Sort params lexographically

$computed_hmac = hash_hmac('sha256', http_build_query($params), $shared_secret);

// Use hmac data to check that the response is from Shopify or not
if (!hash_equals($hmac, $computed_hmac)) {
    die('Error: invalid authentication!');
}
// Validate request is from valid shopify website
if (!preg_match("/\A[a-zA-Z0-9][a-zA-Z0-9\-]*\.myshopify\.com\z/", $_GET['shop'])) {
    die('Error: invalid Shop!');
}
// Set variables for our request
$query = array(
    "client_id"     => $api_key, // Your API key
    "client_secret" => $shared_secret, // Your app credentials (secret key)
    "code"          => $params['code'] // Grab the access key from the URL
);

// Generate access token URL
$access_token_url = "https://" . $params['shop'] . "/admin/oauth/access_token";

// Configure curl client and execute request
$ch     = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, $access_token_url);
curl_setopt($ch, CURLOPT_POST, count($query));
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($query));
$result = curl_exec($ch);
curl_close($ch);

// Store the access token
$result = json_decode($result, true);
error_log(PHP_EOL . date('d.m.Y h:i:s') . ' - ' . 'access token: ' . print_r($result, 1), 3, 'test.log');

if (!empty($result['access_token'])) {
    // Should call an API to connect the payment app !!!
    //  https://{shop_domain}/payments_apps/api/2021-07/graphql.json
    $url = 'https://' . $params['shop'] . '/payments_apps/api/2021-07/graphql.json';

    $queryArr = [
        'query'     => 'mutation PaymentsAppConfigure($externalHandle: String, $ready: Boolean!) {
                paymentsAppConfigure(externalHandle: $externalHandle, ready: $ready) {
                    paymentsAppConfiguration {
                        externalHandle
                        ready
                    }
                    userErrors{
                        field
                        message
                    }
                }
            }',
        'variables' => [
            'externalHandle' => 'API_token_key',
            'ready'          => true
        ]
    ];

    $query = json_encode($queryArr);

    $ch     = curl_init();
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
    curl_setopt($ch, CURLOPT_POSTFIELDS, $query);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array('X-Shopify-Access-Token:' . $result['access_token'], 'Content-Type: application/json'));
    $result = curl_exec($ch);
    $err    = curl_error($ch);

    curl_close($ch);
    echo "<pre>";
    // 	print_r($err);
    print_r($result);
    die;
    
} else {
    die('Error: No response!');
}

 

Moreover, we tried to install GraphQL APP, and called the same mutation. We got "message": "PaymentsAppConfigure access denied",

Screenshot from 2021-08-25 09-08-59.png

Meanwhile, when calling any rest API using the same code or even using GraphQL, we got a successful response.

We need to know, Is there any extra scope that should be added in our Payment App implementation or we should have specific permission from Shopify partner account??

Replies 10 (10)

KevinZeng
Shopify Partner
4 0 0

Hi,

did you get it to work?

I don't know what the value should be for "externalHandle".

I notice you are using "API TOKEN", does it work?

Thanks,

Zworthkey
Shopify Partner
5581 642 1579

Hii @Nermeen ,

This page will help you get up and running with Shopify’s GraphQL API.

https://shopify.dev/api/admin-graphql#top

Thank You.

rahulk7
New Member
4 0 0

There are two scenarios which cause the below error.

 "errors": [
        {
            "message": "PaymentsAppConfigure access denied",

Scenario-1: X-Shopify-Access-Token which you are passing in the request header is not a valid access token. 
Scenario-2: When ever you are working with payment apps you must request access to the below scopes which are mandatory to work with Shopify Payment App Extension.
write_payment_gateways, write_payment_sessions.
This access scopes should be requested by your public app(Payment App) during the OAuth grant screen installation process.

khushbu1990
Tourist
4 0 2

@Nermeen   are you able to resolve error ?  Facing same issue graphql mutation is working from postman and not working from PHP code

You do not have permission to access this website

 

 

Nermeen
Shopify Partner
6 0 4

Hello @khushbu1990,

It's fixed by adding CURLOPT_USERAGENT in the CURL request as below:


$ch = curl_init();
$userAgent = $_SERVER['HTTP_USER_AGENT'];

curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
curl_setopt($ch, CURLOPT_POSTFIELDS, $query);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('X-Shopify-Access-Token:' . $result['access_token'], 'Content-Type: application/json'));
curl_setopt($ch, CURLOPT_USERAGENT, $userAgent);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

$result = curl_exec($ch);

khushbu1990
Tourist
4 0 2

Thanks @Nermeen  It's working now. I would like to know that what is the purpose to send user agent and i have gone through all documentation of shopify but didn't find anything.

Nermeen
Shopify Partner
6 0 4

@khushbu1990 

That's great!

It seems that Shopify graphQl doesn't accept requests without userAgent in the CURL header, That's why it returns 403  forbidden access. Moreover, there is no clear information regarding this point in the Shopify documentation.

Have a nice day!

khushbu1990
Tourist
4 0 2

Thanks @Nermeen  For information

Yes 100 % agree with you. There is no proper documentation on this

Vowelweb5253
Shopify Partner
17 0 3

Hi @Nermeen we were also facing the same issue, as per your comment we tried and added the user agent in the curl request. However, we are still getting this error. 

Shopify Expert | Shopify Design & Development | Custom Theme Development | Custom Modifications In Shopify Theme | Shopify Private App | Site Speed Optimization

For desired websites and solutions, Quick Chat WhatsApp + 919049680945 | Email: [email protected]

luisIceberg9
Visitor
2 0 0

Some one has resolved the "message": "PaymentsAppConfigure access denied"?

How can I validate if payments permissions were granted?