Storefront API always returns status 403

Retired Boards Appdev Custom Storefronts
1

Hello,

I’m starting a development using the API gateway, I’ve already created an PUBLIC app and turned it into a sales channel. After that I entered the oAuth URL to get the permissions and code to generate the token:

https://shop.myshopify.com/admin/oauth/authorize?client_id=XXX&scope=unauthenticated_read_product_listings,unauthenticated_write_checkouts,unauthenticated_write_customers,unauthenticated_read_customer_tags,unauthenticated_read_content,unauthenticated_read_product_tags&redirect_uri=https://XXX&state=nonce1

After that, I created the token:

POST https://shop.myshopify.com/admin/oauth/access_token

{
"client_id": "XXX",
"client_secret": "shpss_YYY,
"code": "TTT"
}

This request returned a JSON that looked like this:

{
"access_token": "shpat_CCC",
"scope": "unauthenticated_read_product_listings,unauthenticated_write_checkouts,unauthenticated_write_customers,unauthenticated_read_customer_tags,unauthenticated_read_content,unauthenticated_read_product_tags"
}

Now when I try to run any route from the storefront API, for example:

POST https://shop.myshopify.com/api/2021-10/graphql.json
HeaderX-Shopify-Storefront-Access-Token: shpat_CCC

{
  products(first:5) {
    edges {
      node {
        id
      }
    }
  }
}

I get a 403 Forbidden error. Has anyone ever experienced this? Can you help me solve it?

1 Like
2

Hey @leonardovilarin ,

Just wanted to follow up and ask if you are still facing this 403 error?

From the info shared, it appears you may be using an “access_token” - An API access token that can be used to access the shop’s data as long as your app is installed. Your app should store the token somewhere to make authenticated requests for a shop’s data.

An access token is generated in the OAuth process differs from a storefront access token, and these are not interchangeable.

As long as your app has been made into a Sales Channel and requested the correct scopes through OAuth, the next step would be a request to the Admin API through a REST call or via GraphQL to generate a new storefront access token. For more insights, I would suggest working through our Storefront API getting started guide here as well as taking a look through the Storefront API learning kit for more details.

Hope that offers a good start - Cheers!

3

I also always get status 403 Forbidden for storefront api from postman and even from my vue app.

4

Hi,

I am building a public app, and now I am struggling with how to turn my public app into a sales channel? Could you help me? Thank you so much!

5

@awwdam I’ve been looking for a solution for a similar problem with Shopify Storefront API. The documentation (https://shopify.dev/api/storefront)) doesn’t specify that the app should necessarily be a Sales Channel to use the API.

If we try to get storefront access token with a regular app, the API will return us:

“App must have a channel record to create a storefront access token.”

But what if we need to use Storeftont API endpoint in a regular app that is not a Sales Channel and doesn’t even similar to functionality of sales channel (e.g. the app is not helping to sell anything, but works with different parts of Storefront API)?

6

Hi! Do we have to convert it to a Sales Channel? What if it’s a Checkout UI extension? Thanks!