Access Token Denied Although Valid - Please Advise

Retired Boards Appdev Authentication

Topic summary

Issue: After obtaining an OAuth2 access token in Insomnia, requests to the Customer Account API return ACCESS_DENIED (“Not a valid access token”) despite the token not being expired. GraphQL query used: query { customer { email } }.

Endpoints tried:

Details:

  • Headers include Authorization: Bearer and Content-Type: application/json.
  • Response consistently shows errors.extensions.code = ACCESS_DENIED.

Community input:

  • Suggestion (if creating customers): use Admin REST API PUT /admin/api/2023-04/customers.json and ensure the app has the “customers” access scope. This implies possible confusion between Admin, Storefront, and Customer Account APIs.
  • Another user confirms the same issue while trying to fetch customer details and order history.

Key considerations:

  • Token type/scope may not match the target API (customer token vs admin app token).
  • Endpoint selection must align with the API being queried; GraphQL uses POST, Admin REST creation uses PUT.

Status: Unresolved; awaiting clarification on correct token type, required scopes, and endpoint for Customer Account API access.

Summarized with AI on December 30. AI used: gpt-5.
1

Hi folks,

I’m attempting a test API call to the customer account API with OAuth2 using Insomnia. I can acquire the access token, but when I attempt to use it I get “Not a valid access token”.

The token is not expired, I use it shortly after it’s acquired and it has almost 2 hours before expiration. I’m making a POST request. I’m not sure which URL I should be hitting, though I’ve tried both the shop url

https://my-shop-name.myshopify.com/api/2024-01/graphql.json

which I use to successfully access the storefront API, and I’ve tried the url suggested in the docs under endpoints and queries which is

https://shopify.com/<shop_id>/account/customer/api/unstable/graphql.

The headers are Content-Type : application/json; Authorization : Bearer token

I’m using this json formatted graphql query

{“query”: “query { customer { email } }”}

though I’ve also attempted using a structured graphql query.

The result of the request is

{
“errors”: [{
“message”: “”,
“extensions”: {
“code”: “ACCESS_DENIED”}}]

}

Any advice is appreciated

Kind regards

2

Are you trying to create a customer? If so you should be making the PUT request to /admin/api/2023-04/customers.json - and you’ll need to make sure the app has the “customers” access scope.

3

Hey, did you work this out in the end? I’m running into the same issue.

@Liam in my case, I’m trying to fetch information about a customer, order history etc.