Permissions missing for GraphiQL

Retired Boards Appdev Graphql Basics And Troubleshooting
1

Hi everyone,

I am looking into the returns management capabilities of the Admin GraphQL API. I am experimenting with various queries and mutations using the Shopify GraphiQL App.

I am using the unstable version of the API, since that is the only one supporting returns-related queries and mutations.

For a lot of the queries, I am getting “access denied” errors (samples below). It seems like the GraphiQL app does not have the correct scope assigned (write_returns for example). However, I can find no way to edit those scopes.

Note that this works for the API key I have generated to hit this endpoint using Postman/other apps. However, I need to edit GraphiQL’s permissions, so I can also get the schema and auto-fill feature.

Did anyone else encounter this/Knows a fix for it? Thanks.

Sample query:

{
  returnableFulfillments (orderId: "gid://shopify/Order/1234") {
    edges {
      node {
        id
      }
    }
  }
}

Sample response:

{
  "data": null,
  "errors": [
    {
      "message": "Access denied for returnableFulfillments field.",
      "locations": [
        {
          "line": 2,
          "column": 3
        }
      ],
      "path": [
        "returnableFulfillments"
      ],
      "extensions": {
        "code": "ACCESS_DENIED",
        "documentation": "https://shopify.dev/api/usage/access-scopes"
      }
    }
  ],
  "extensions": {
    "cost": {
      "requestedQueryCost": 2,
      "actualQueryCost": 2,
      "throttleStatus": {
        "maximumAvailable": 1000,
        "currentlyAvailable": 998,
        "restoreRate": 50
      }
    }
  }
}
2

Hi Laurentiu23,

There’s a Returns API in beta right now [public announcement] [documentation] which is why it’s only available in the unstable version and it’s not recommended for production use yet.

The returnableFulfillments query looks at [the ReturnableFulfillment object] which requires a new read_returns access scope in addition to read_orders or read_marketplace_orders to be able to read it so adding that scope to the app that’s testing should get it working.

3

Hi, thank you for your reply.

So the app (GraphiQL) only has the current production scopes, but not the new return ones? I don’t quite understand how to update the scopes for this app? There is an “app settings” menu where I can see its current scopes, but I can’t edit them. Neither could I select them when installing the GraphiQL app.

4

Hi Laurentiu23,

That’s correct the Shopify GraphiQL Explorer App doesn’t have access to the returns scopes at this time.

Currently the next simplest alternative would be to [create a store based custom app] and use the secret key from that in an API testing tool like [Insomnia] or [Postman].

The read_returns and write_returns scopes are available [in the Admin API scope selection list] for store based custom apps.

5

Hello,

Thank you, that makes sense. And it fully answers my question. :grinning_face_with_smiling_eyes:

For anyone else that might encounter this issue in the future, note that Insomnia is my client of choice, because it correctly obtains the schema from the server, allowing me to figure out how to build queries and mutations in the app. I have not managed to make this work in Postman.