AppBridgeError - APP::ERROR::PERMISSION

Topic summary

Issue: Embedded app shows AppBridgeError (APP::ERROR::PERMISSION) when opening the Resource Picker (UI to select products/collections), despite app scopes appearing correct.

Reports: Multiple developers see this on some merchants; not widespread.

Key findings:

  • App Bridge config: One team resolved it by updating createApp to use the iframe URL’s host param instead of shopOrigin (e.g., createApp({ apiKey, host })). The code change is central to this thread.
  • Staff permissions: Errors occur for staff users lacking store-level access to Products/Collections. In “online” mode (session-based), the access token reflects the current user’s permissions, so GraphQL requests fail if the user lacks access. Using an “offline” Admin API token (store-scoped) could bypass this, but has security implications.

Implications:

  • Poor UX for under-permissioned staff; desire to detect missing permissions ahead of time and tailor features/messages.

Actions suggested:

  • Ensure App Bridge initialization uses host.
  • Verify staff account permissions include Products/Collections.
  • Consider (cautiously) using offline tokens for server-side calls.

Status: Partially resolved with config and permission checks; no single definitive fix. Discussion remains open.

Summarized with AI on February 8. AI used: gpt-5.

Hi there,

I have a merchant who recently installed my app. In my app’s admin menu they’re getting an AppBridgeError when opening a Resource Picker. The error is APP::ERROR::PERMISSION, which seems to imply that our app doesn’t have the right read permissions to view their products/collections, but looking in the app’s About menu, it looks like we do.

No other merchants have reported the same issue, and I’ve asked that they reinstall the app to see if that corrects the issue. Has anyone else ever seen something like this before?

Hi @WSG .

Have you found the solution?

I’m experiencing the same issue.

One of my merchants is facing the same issue!

For us it was due to needing to update how the createApp is defined.

Originally we had:

var app = createApp({
    apiKey: xxxx,
    shopOrigin: xxxx
});

It now only seems to need the host from the iframe URL param.

// host is the "host" query parameter from the embedded app's iframe URL
var app = createApp({
    apiKey: apiKey,
    host: host
});

I’m noticing this happening on staff accounts that don’t have sufficient permissions given to them by the store owner when invited. For example, if I invite a staff account to my dev store but only give them permissions to access my app but don’t select the “Products” checkbox, any GraphQL query made to Product/Collection resources will fail with this error. I believe this is caused because the access token used in “online” mode is determined from the user’s session (so the permissions are constrained to the current user). Presumably, if you also had created an admin api access token in “offline” mode that you saved somewhere, you could perform the GraphQL requests using that. But I’m sure there are potential security implications there.

So that all being said, I’m still not sure what to do with this information. It’s not a great UX to have under-permissioned staff accounts jump into our app and have a half-working experience (even if we managed to provide really awesome error messaging in this scenario). I’d love to be able to determine these permission issues ahead of time so we could build features around it instead.

1 Like
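One way to detect the under-permissioned staff case from the last post before the Resource Picker is opened, as an added example that is not code from the thread or from Shopify: it compares the `scope` and `associated_user_scope` fields of the online access mode token response. The feature map, the sample payload, and the mapping of the picker to `read_products` are assumptions made for illustration.

```javascript
// Added example, not from the thread. `scope` and `associated_user_scope`
// are fields of Shopify's online access mode token response; the feature
// map and the sample payload below are constructed for illustration.

// Parse a comma-separated scope string into a Set. A write_x scope implies
// read_x, and the response may list only write_x, so expand it here.
function expandScopes(scopeString) {
  const scopes = new Set();
  for (const raw of (scopeString || "").split(",")) {
    const s = raw.trim();
    if (!s) continue;
    scopes.add(s);
    if (s.startsWith("write_")) scopes.add("read_" + s.slice("write_".length));
  }
  return scopes;
}

// Hypothetical feature map: scopes each UI feature needs (assumption).
const FEATURE_SCOPES = {
  resourcePicker: ["read_products"],
  orderExport: ["read_orders"],
};

// For each feature, report whether the current user can use it and, if not,
// whether the app itself lacks the scope or only this staff user does.
function featureAccess(tokenResponse) {
  const appScopes = expandScopes(tokenResponse.scope);
  const userScopes = expandScopes(tokenResponse.associated_user_scope);
  const result = {};
  for (const [feature, needed] of Object.entries(FEATURE_SCOPES)) {
    const appMissing = needed.filter((s) => !appScopes.has(s));
    const userMissing = needed.filter((s) => !userScopes.has(s));
    if (appMissing.length) {
      result[feature] = { allowed: false, reason: "app_scope_missing", missing: appMissing };
    } else if (userMissing.length) {
      result[feature] = { allowed: false, reason: "user_permission_missing", missing: userMissing };
    } else {
      result[feature] = { allowed: true, reason: null, missing: [] };
    }
  }
  return result;
}

// Constructed sample: app holds products + orders, staff user only orders.
const SAMPLE_TOKEN_RESPONSE = {
  access_token: "PLACEHOLDER",
  scope: "write_products,read_orders",
  associated_user_scope: "read_orders",
};
```

Gating features on the user's own scopes keeps the boundary the store owner set for that staff account, rather than serving the request with a store-wide offline token.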