Permissions for SellingPlanGroupAddProducts

Retired Boards Appdev Graphql Basics And Troubleshooting
1

I am trying to add products to existing subscriptions, and according to the documentation you need write_products access scope, however when trying the mutation, I get

“errors”:[{“message”:“SellingPlanGroupAddProducts access denied”

I have also tried adding the write_own_subscription_contracts,read_own_subscription_contracts,read_customer_payment_methods scopes as discussed in other subscription based items, however for these I get an oauth error on missing permissions.

My app is a custom app.

Anyone have any input on the scopes needed to do this?

Thanks,

Reid

2

Also incase it helps, here is the mutation/response

Mutation that I am using:

mutation{
sellingPlanGroupAddProducts(id:“gid://shopify/SellingPlanGroup/110133397” productIds:“gid://shopify/Product/7212622807189” )
{
userErrors{
field
message
}
}
}

and the response:

 [headers] => Array
        (
            [status] => HTTP/1.1 200 OK
            [Date] => Mon, 08 Nov 2021 19:10:33 GMT
            [Content-Type] => application/json; charset=utf-8
            [Transfer-Encoding] => chunked
            [Connection] => keep-alive
            [X-Sorting-Hat-PodId] => 148
            [X-Sorting-Hat-ShopId] => 57253986453
            [Vary] => Accept-Encoding
            [Referrer-Policy] => origin-when-cross-origin
            [X-Frame-Options] => DENY
            [X-ShopId] => 57253986453
            [X-ShardId] => 148
            [X-Stats-UserId] => 
            [X-Stats-ApiClientId] => 6029787
            [X-Stats-ApiPermissionId] => 339770933397
            [X-Shopify-API-Version] => 2021-10
            [Content-Language] => en
            [Strict-Transport-Security] => max-age=7889238
            [X-Shopify-Stage] => production
            [Content-Security-Policy] => default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://* shopify-pos://*; block-all-mixed-content; child-src 'self' https://* shopify-pos://*; connect-src 'self' wss://* https://*; frame-ancestors 'none'; img-src 'self' data: blob: https:; script-src [https://cdn.shopify.com](https://cdn.shopify.com/) [https://cdn.shopifycdn.net](https://cdn.shopifycdn.net/) [https://checkout.shopifycs.com](https://checkout.shopifycs.com/) [https://api.stripe.com](https://api.stripe.com/) [https://mpsnare.iesnare.com](https://mpsnare.iesnare.com/) [https://appcenter.intuit.com](https://appcenter.intuit.com/) [https://www.paypal.com](https://www.paypal.com/) [https://js.braintreegateway.com](https://js.braintreegateway.com/) [https://c.paypal.com](https://c.paypal.com/) [https://maps.googleapis.com](https://maps.googleapis.com/) [https://www.google-analytics.com](https://www.google-analytics.com/) [https://v.shopify.com](https://v.shopify.com/) 'self' 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=query&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=admin%2Fgraphql&source%5Bsection%5D=admin_api&source%5Buuid%5D=688fe46f-f8dd-406d-a838-c2a1bc3fce0c
            [X-Content-Type-Options] => nosniff
            [X-Download-Options] => noopen
            [X-Permitted-Cross-Domain-Policies] => none
            [X-XSS-Protection] => 1; mode=block; report=/xss-report?source%5Baction%5D=query&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=admin%2Fgraphql&source%5Bsection%5D=admin_api&source%5Buuid%5D=688fe46f-f8dd-406d-a838-c2a1bc3fce0c
            [X-Dc] => gcp-us-east1,gcp-us-east1,gcp-us-east1
            [X-Request-ID] => 688fe46f-f8dd-406d-a838-c2a1bc3fce0c
            [CF-Cache-Status] => DYNAMIC
            [Expect-CT] => max-age=604800, report-uri="[https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct](https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct)"
            [Server] => cloudflare
            [CF-RAY] => 6ab11a245960420f-YYC
            [alt-svc] => h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
        )

    [body] => {"data":{"sellingPlanGroupCreate":null},"errors":[{"message":"SellingPlanGroupCreate access denied","locations":[{"line":3,"column":4}],"path":["sellingPlanGroupCreate"]}],"extensions":{"cost":{"requestedQueryCost":10,"actualQueryCost":10,"throttleStatus":{"maximumAvailable":2000.0,"currentlyAvailable":1990,"restoreRate":100.0}}}}
3

Hi @reid-garner

Thanks for the follow up! I am seeing similar results from my testing here. I’m going to investigate this a little more and I’ll let you know what I find.

Best,

4

Thanks!

Glad it wasn’t just me being an idiot :slightly_smiling_face:

5

Hi @reid-garner

So I’ve been able to find that your app doesn’t have permissions enabled for subscriptions. This is something you can request to be enabled from within the partner dashboard in the app under “App setup” - it looks like:

21-11-wp4c5-57z98
21-11-wp4c5-57z982046×426 46.1 KB

Once the permissions are enabled there, your requests should go through as expected and allow you to add products to the selling plans.

Best,

6

Thanks. It maybe should be added to the docs :slightly_smiling_face:

Also I could have sworn that I looked through there, and didnt see that, I must be blind :slightly_smiling_face:

7

Yes, I will for sure pass this along to our docs team, as it only currently mentions the write_products scope in the required permissions section.

I missed it at first too! Not enough coffee I guess :slightly_smiling_face:

8

I’m working on a Private App, and I’m not seeing the option to request access to the Subscription API.

Is there any alternative instead of setting up a Custom app just for this?

I’m trying to Associate an existing selling plan to dynamically created products.

Thanks in advance

9

Hi @Pemic17

The subscription API is not available for private apps, as per our documentation here: https://shopify.dev/apps/subscriptions/getting-started

You will need to create a custom app and request permissions through it.

Regards,