Solved

Storefront API always returns status 403

leonardovilarin
Visitor
2 0 1

Hello,

I'm starting a development using the API gateway, I've already created an PUBLIC app and turned it into a sales channel. After that I entered the oAuth URL to get the permissions and code to generate the token:

 

https://shop.myshopify.com/admin/oauth/authorize?client_id=XXX&scope=unauthenticated_read_product_listings,unauthenticated_write_checkouts,unauthenticated_write_customers,unauthenticated_read_customer_tags,unauthenticated_read_content,unauthenticated_read_product_tags&redirect_uri=https://XXX&state=nonce1

 

 

After that, I created the token:

POST https://shop.myshopify.com/admin/oauth/access_token

 

{
"client_id": "XXX",
"client_secret": "shpss_YYY,
"code": "TTT"
}

 

This request returned a JSON that looked like this:

 

{
"access_token": "shpat_CCC",
"scope": "unauthenticated_read_product_listings,unauthenticated_write_checkouts,unauthenticated_write_customers,unauthenticated_read_customer_tags,unauthenticated_read_content,unauthenticated_read_product_tags"
}

 


Now when I try to run any route from the storefront API, for example:

POST https://shop.myshopify.com/api/2021-10/graphql.json
Header -> X-Shopify-Storefront-Access-Token: shpat_CCC

 

{
  products(first:5) {
    edges {
      node {
        id
      }
    }
  }
}

 

 

I get a 403 Forbidden error. Has anyone ever experienced this? Can you help me solve it?

Accepted Solution (1)

awwdam
Shopify Staff
249 42 36

This is an accepted solution.

Hey @leonardovilarin,

Just wanted to follow up and ask if you are still facing this 403 error?

From the info shared, it appears you may be using an "access_token" - An API access token that can be used to access the shop’s data as long as your app is installed. Your app should store the token somewhere to make authenticated requests for a shop’s data.

An access token 
is generated in the OAuth process differs from a storefront access token, and these are not interchangeable.

As long as your app has been made into a Sales Channel and requested the correct scopes through OAuth, the next step would be a request to the Admin API through a REST call or via GraphQL to generate a new storefront access token. For more insights, I would suggest working through our Storefront API getting started guide here as well as taking a look through the Storefront API learning kit for more details. 

Hope that offers a good start - Cheers!

awwdam | API Support @ Shopify
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution
- To learn more visit Shopify.dev or the Shopify Web Design and Development Blog

View solution in original post

Replies 5 (5)

awwdam
Shopify Staff
249 42 36

This is an accepted solution.

Hey @leonardovilarin,

Just wanted to follow up and ask if you are still facing this 403 error?

From the info shared, it appears you may be using an "access_token" - An API access token that can be used to access the shop’s data as long as your app is installed. Your app should store the token somewhere to make authenticated requests for a shop’s data.

An access token 
is generated in the OAuth process differs from a storefront access token, and these are not interchangeable.

As long as your app has been made into a Sales Channel and requested the correct scopes through OAuth, the next step would be a request to the Admin API through a REST call or via GraphQL to generate a new storefront access token. For more insights, I would suggest working through our Storefront API getting started guide here as well as taking a look through the Storefront API learning kit for more details. 

Hope that offers a good start - Cheers!

awwdam | API Support @ Shopify
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution
- To learn more visit Shopify.dev or the Shopify Web Design and Development Blog

intelli-ua
Shopify Partner
12 0 6

@awwdam I've been looking for a solution for a similar problem with Shopify Storefront API. The documentation (https://shopify.dev/api/storefront) doesn't specify that the app should necessarily be a Sales Channel to use the API. 

If we try to get storefront access token with a regular app, the API will return us:

"App must have a channel record to create a storefront access token."

But what if we need to use Storeftont API endpoint in a regular app that is not a Sales Channel and doesn't even similar to functionality of sales channel (e.g. the app is not helping to sell anything, but works with different parts of Storefront API)?
radpinkdream
Shopify Partner
6 0 2

Hi! Do we have to convert it to a Sales Channel? What if it's a Checkout UI extension? Thanks!

 

Kaisan
Visitor
2 0 0

I also always get status 403 Forbidden for storefront api from postman and even from my vue app.

ZoeM_
Shopify Partner
9 0 3

Hi,

I am building a public app, and now I  am struggling with how to turn my public app into a sales channel? Could you help me? Thank you so much!