Cannot access fulfillment order

Retired Boards Appdev Fulfillment Api

Topic summary

Issue: Requests to Fulfillment Orders and creating fulfillments return 403 with “The api_client does not have the required permission(s).” despite seemingly correct scopes.

Key details:

  • Endpoints involved: GET /orders/{id}/fulfillment_orders.json, GET /fulfillment_orders/{id}.json, POST /fulfillments.json (2023-04).
  • Errors observed: missing required scopes (e.g., write_assigned_fulfillment_orders requires write_fulfillments) and “[API] This action requires merchant approval for write_fulfillments.”
  • One user could read fulfillment orders and fulfillments arrays but could not POST a fulfillment. Both Postman with X-Shopify-Access-Token and Basic Auth returned 403.

Guidance provided:

  • Confirm the correct access token in header: X-Shopify-Access-Token: shpat_…
  • Ensure app has the correct fulfillment-order permissions per role: write_{assigned|merchant_managed|third_party}_fulfillment_orders, plus write_fulfillments when required.
  • Verify access by GETting the specific fulfillment order. Review Shopify’s migration docs for fulfillment orders and scope requirements.

Outcome:

  • After invoking the request_scope endpoint for each write_*_fulfillment_order as per the migration guide, the app began working without additional merchant scope updates. Resolution may have been scope re-request or propagation timing.

Status: Partially resolved (confirmed fix for one participant). Original poster’s case not explicitly closed.

Summarized with AI on January 25. AI used: gpt-5.
6

I have all of the fulfillment permissions/scopes that are configurable. Much as you had written write_{assigned/merchant_managed/third_party}_fulfillment_orders.

The header X-Shopify-Access-Token is set on my Postman request. The app itself is a Spring Boot application and uses the Base64 encoded : format for the Basic Authorization header. Both give the same 403 response.

"errors": "The api_client does not have the required permission(s)."

The order is unfulfilled, I am able to query 2023-04/fulfillment_orders/<fulfillment_order_id>.json and 2023-04/orders/<order_id>/fulfillment_orders.json and 2023-04/orders/<order_id>/fulfillments.json successfully.