Solved

Write scope required to register for a webhook?

steveryan
Tourist
3 1 1

Hi all,

 

I have a Shopify app that needs to subscribe to certain Webhooks for Shopify clients that install our app. We are using the @Shopify/koa-shopify-webhooks package, specifically the function registerWebhook, to register the Webhooks.

 

 I will focus on the orders webhook, but my issue applies to all of them.

 

My app needs to receive the Orders/create webhook, which we then inspect and sometimes will send api requests to our main webapp. We do not need to modify any Order data.

 

I would think that the following would be fine:

scopes: ['read_customers', 'read_orders', 'read_checkouts']

however, this causes registerWebhook to fail.

 

 

If, however I have my scopes set as:

scopes: ['read_customers', 'read_orders', 'read_checkouts', 'write_customers', 'write_orders', 'write_checkouts']

everything works perfectly.

 

 

I shouldn't need to have write access to anything in order to just consume these Webhooks, should I? Thanks for your help!

 

Accepted Solution (1)
steveryan
Tourist
3 1 1

This is an accepted solution.

So I figured this out. I believe it is a bug in @Shopify/koa-shopify-webhooks npm package because using their registerWebhooks function I needed write permissions to register the webhook.

 

I wrote my own registerWebhook function (just a POST to <shop_name>/admin/api/<api_version>/webhooks.json) and I am able to register Webhooks with only read scopes.

 

I have filed a bug on the Koa-shopify-webhooks project on GitHub.

View solution in original post

Replies 8 (8)

Visely-Team
Shopify Partner
1843 210 488

You don't need write permissions to create webhooks, unless something changed just recently, but I doubt. Looks more like a bug in the library?

 

What error do you get? Also, try registering the webhook using Postman and the same token you are using now, do you get the same error?

Sergiu Svinarciuc | CTO @ visely.io
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution!
- To learn more about the awesome stuff we do head over to visely.io or our blog
Graeme_Knight
Tourist
9 0 4

Hi folks,

 

I'm struggling with a similar problem regarding receiving webhook messages and posted about this in the forum just recently (I'd love to know how you got it to work)... However - I also found for I needed write scope in order to register a webhook via node libraries for create orders. Wouldn't work with just read.

 

G.

Visely-Team
Shopify Partner
1843 210 488

@Graeme_Knight @steveryan requiring a write scope is definitely a bug in the library and I would have it reported. Main reason being that when the time comes for merchants to install your app and they will see your app requests write access to heir orders when it should be needing it, they might just freakout an cancel the installation all together.

Sergiu Svinarciuc | CTO @ visely.io
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution!
- To learn more about the awesome stuff we do head over to visely.io or our blog
Graeme_Knight
Tourist
9 0 4

@Visely-Team I'm pretty new to this so thought perhaps it was a me problem (usually is) but I'm more than happy to report my issue as a bug just in case. I think as a developer and merchant myself, I was freaking out that I appeared to need write access so I can imagine merchants feeling the same. Please point us at the correct bug reporting process and I'll certainly make sure it's reported from my side.

 

Many thanks, G.

steveryan
Tourist
3 1 1

This is an accepted solution.

So I figured this out. I believe it is a bug in @Shopify/koa-shopify-webhooks npm package because using their registerWebhooks function I needed write permissions to register the webhook.

 

I wrote my own registerWebhook function (just a POST to <shop_name>/admin/api/<api_version>/webhooks.json) and I am able to register Webhooks with only read scopes.

 

I have filed a bug on the Koa-shopify-webhooks project on GitHub.

Graeme_Knight
Tourist
9 0 4

@steveryan, I concur.

ShrutiM
Shopify Partner
15 0 2

Hi Steveryan,

I was facing similar issues with below webhooks when i was registering webhooks via https call

inventory_levels/create,inventory_levels/update,inventory_levels/delete,inventory_items/create
inventory_items/update,inventory_items/delete,draft_orders/create, draft_orders/update,draft_orders/delete.
 
Could you let me know how to set scope for any webhook?
Visely-Team
Shopify Partner
1843 210 488

@ShrutiM the issue is still open - https://github.com/Shopify/quilt/issues/1262 - so you are free to contribute. In the meantime you can implement your own webhook registration method uaing Shopify REST API with only read scopes.

Sergiu Svinarciuc | CTO @ visely.io
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution!
- To learn more about the awesome stuff we do head over to visely.io or our blog