Access denied for products field with unauthenticated_read_product_listings scope

Retired Boards Appdev Graphql Basics And Troubleshooting

Topic summary

Access to the products field fails because the request is using the Admin GraphQL client/token instead of the Storefront API. The scope unauthenticated_read_product_listings grants public (unauthenticated) read access to product listings via the Storefront API, not the Admin GraphQL API.

Recommended steps:

  • Use the Storefront client (Shopify.Clients.Storefront) rather than Shopify.Clients.Graphql.
  • Call the Storefront GraphQL endpoint: https://{store_name}.myshopify.com/api/2022-10/graphql.json.
  • Include X-Shopify-Storefront-Access-Token with a Storefront access token in the request headers.
  • Test with CURL/Postman to rule out library issues.

Key terms:

  • Storefront API: Public-facing API for storefront data (requires Storefront access token).
  • Admin GraphQL API: Merchant/admin-facing API (requires Admin access token with different scopes).

Outcome/Status: Guidance provided; no confirmation of resolution yet. If the issue persists after switching to the Storefront client/endpoint and token, contact Shopify Partner Support for a deeper review of authenticated permissions.

Summarized with AI on February 7. AI used: gpt-5.
1

Hello,

My session has unauthenticated_read_product_listings scope and when I run the graphql query below:

const client = new Shopify.Clients.Graphql(session.shop, session.accessToken);
 await client.query({
                            data: `{
                                    products (first: 10) {
                                      edges {
                                        node {
                                          id
                                          title
                                        }
                                      }
                                    }
                                  }`,
                           });

It always throws ‘Access denied for products field’ errors. Can anyone advise me on what I’m doing wrong? Thank you

1 Like
2

Hi @jborden13 :waving_hand:

A Storefront API access token with the unauthenticated_read_product_listings scope should definitely have permissions to query products via the Storefront API. As noted in this doc from the [shopify-api-node](https://github.com/Shopify/shopify-api-node) repo, the storefront client can be queried with Shopify.Clients.Storefront()whereas your snippet appears to be referencing Shopify.Clients.Graphql()

Testing your query using CURL or a client like Postman/Insomnia may be helpful to to rule out any issues with the Node library as well. The request should:

If the issue persists, please let us know via the support page of your partner dashboard so that we can take a closer look with your authenticated permissions.

Hope that helps!