Access denied for productUpdate field. Required access: `write_products` access scope

Hello I am trying to create a metafield on my products by following this article link .

I am running the following graphql queries on Admin API to create a metafield.

mutation ($input: ProductInput!) {
  productUpdate(input: $input) {
    product {
      metafields(first: 100) {
        edges {
          node {
            namespace
            key
            value
          }
        }
      }
    }
  }
}

{
  "input" : {
    "id": "gid://shopify/Product/8068524540191",
    "metafields": [
      {
        "namespace": "instructions",
        "key": "wash",
        "value": "cold wash",
        "type": "single_line_text_field"
      }
    ]
  }
}

but getting the error

{
  "data": {
    "productUpdate": null
  },
  "errors": [
    {
      "message": "Access denied for productUpdate field. Required access: `write_products` access scope. Also: The user must have a permission to update products.",
      "locations": [
        {
          "line": 2,
          "column": 3
        }
      ],
      "path": [
        "productUpdate"
      ],
      "extensions": {
        "code": "ACCESS_DENIED",
        "documentation": "https://shopify.dev/api/usage/access-scopes",
        "requiredAccess": "`write_products` access scope. Also: The user must have a permission to update products."
      }
    }
  ],
  "extensions": {
    "cost": {
      "requestedQueryCost": 112,
      "actualQueryCost": 10,
      "throttleStatus": {
        "maximumAvailable": 1000,
        "currentlyAvailable": 990,
        "restoreRate": 50
      }
    }
  }
}

I have provided the access scopes for admin API configuration

Screenshot 2023-01-25 143319.png1916×953 193 KB

also when I am running this query

{
    currentAppInstallation {
        accessScopes {
            handle
        }
    }
}

I am getting this response

{
  "data": {
    "currentAppInstallation": {
      "accessScopes": [
        {
          "handle": "read_content"
        },
        {
          "handle": "read_products"
        },
        {
          "handle": "unauthenticated_read_product_listings"
        },
        {
          "handle": "unauthenticated_read_product_tags"
        },
        {
          "handle": "unauthenticated_write_checkouts"
        },
        {
          "handle": "unauthenticated_write_customers"
        },
        {
          "handle": "unauthenticated_read_customer_tags"
        },
        {
          "handle": "unauthenticated_read_content"
        },
        {
          "handle": "unauthenticated_read_checkouts"
        },
        {
          "handle": "unauthenticated_read_customers"
        }
      ]
    }
  },
  "extensions": {
    "cost": {
      "requestedQueryCost": 2,
      "actualQueryCost": 2,
      "throttleStatus": {
        "maximumAvailable": 1000,
        "currentlyAvailable": 998,
        "restoreRate": 50
      }
    }
  }
}

Needed Help!!!

Hi @IndikaDev

Would you please try the same mutation in the below curl request instead? I’ve seen this be an issue when apps incorrectly reference the Storefront API endpoint rather than the Admin API.

curl -L -X POST 'https://STORE-NAME.myshopify.com/admin/api/2023-01/graphql.json' \
-H 'X-Shopify-Access-Token: ADMIN-ACCESS-TOKEN' \
-H 'Content-Type: application/json' \
--data-raw '{"query":"mutation ($input: ProductInput!) { productUpdate(input: $input) { product { metafields(first: 10) { nodes { namespace key value } } } } }","variables":{"input":{"id":"gid://shopify/Product/6795723079798","metafields":[{"namespace":"instructions","key":"wash","value":"cold wash","type":"single_line_text_field"}]}}}'

Thanks, it worked, don’t know why graphiql was not working!!!

Hey, I am getting similar error while creating product which is bundle of more than one product but it says I don’t have access of write_product but i have granted all access of product creation and edit product Here is my GrapQL Query
mutation {
productCreate(input: {
title: "Our first bundle ",
handle: “bundle-product”,
productType: “bundle”,
vendor: “bundle”,
tags: “bundle”,
variants: [
{ price: 120, sku: “gid://shopify/Product/4517844877425” },
{ price: 110, sku: “gid://shopify/Product/4517845500017” },
{ price: 100, sku: “gid://shopify/Product/4517865291889” }
]
}) {
product {
id
title
handle
productType
vendor
publishedAt
tags
variants(first: 3) {
edges {
node {
id
price
sku
}
}
}
}
}
}

and here is the response

{
“data”: {
“productCreate”: null
},
“errors”: [
{
“message”: “Access denied for productCreate field. Required access: write_products access scope. Also: The user must have a permission to create products.”,
“locations”: [
{
“line”: 2,
“column”: 7
}
],
“path”: [
“productCreate”
],
“extensions”: {
“code”: “ACCESS_DENIED”,
“documentation”: “https://shopify.dev/api/usage/access-scopes”,
“requiredAccess”: “write_products access scope. Also: The user must have a permission to create products.”
}
}
],
“extensions”: {
“cost”: {
“requestedQueryCost”: 15,
“actualQueryCost”: 10,
“throttleStatus”: {
“maximumAvailable”: 1000,
“currentlyAvailable”: 990,
“restoreRate”: 50
}
}
}
}

can you suggest any solution also can you suggest that my GraphQL query is correct which make bundle of product and deal as single product

Can you explain why this is the accepted solution?

Hey @Charles_Roberts ,

An app can have both Admin and Storefront API scopes granted, however those APIs are accessible on different endpoints.

When the OP shared the response from their query for AppInstallation.accessScopes and only Storefront API permissions were returned it seemed most likely that they had the wrong endpoint for updating products with the GraphQL Admin API.

• Since they mentioned that they were using the GraphiQL app, it’s possible that the wrong API Schema was selected in the tool.

Hope that helps!