Why i use customerAccessTokenDelete always told me ACCESS_DENIED

Retired Boards Appdev Custom Storefronts

Topic summary

A developer is encountering an ACCESS_DENIED error when attempting to use the customerAccessTokenDelete mutation in Shopify’s Storefront API.

Error Details:

  • The API returns an error requiring the unauthenticated_write_customers access scope
  • Error message states: “Access denied for field customerAccessTokenDelete. Required access: unauthenticated_write_customers access scope. Also: Requires valid customer access token.”

Current Setup:

  • Using Storefront API endpoint (2023-01 version)
  • Authenticating with X-Shopify-Storefront-Access-Token header
  • Providing a customer access token in the mutation variables

Key Issue:
The developer claims to have “opened all auth” but the Storefront API is rejecting the request due to missing scope permissions. The unauthenticated_write_customers scope appears to be required for this operation but may not be properly configured in the Storefront Access Token settings.

Status: Unresolved - awaiting guidance on proper scope configuration for customer token deletion.

Summarized with AI on November 22. AI used: claude-sonnet-4-5-20250929.
1

curl --location --request POST ‘https://shein-test2.myshopify.com:443/api/2023-01/graphql.json
–header ‘X-Shopify-Storefront-Access-Token: xxxxxx’
–header ‘User-Agent: Apifox/1.0.0 (https://www.apifox.cn)’
–header ‘Content-Type: application/json’
–data-raw ‘{
“variables”: {
“customerAccessToken”: “7vYoudrYRBwsPNDtABBsIwkE4t6K2GAhawFdtknMxnxAqXBIUb8n2k8HUiQixRoM4t1_lHF46CMo0-Y9Yr-KWQywTWYOP1CpeJHvOSNI90KQfSg4L0zn_IHXzrKJxomoOIHA8HNZ0ZGQbmzKn_GCbCyiWNkYxJ9OsjGy97avwj5gK7uRTLTBd5521WOcjrlsVKytujI4gqLnQoTLxjeIOulWNn1VTWkb9pmO2ev4n0Cli1Z9T75OVJybcVQSZ_T0xdjqogB5NXbwaF9-9ZA-pZvo7MGSVB8MvUfae1eKXHM”
},
“query”: “mutation customerAccessTokenDelete($customerAccessToken: String!) { customerAccessTokenDelete(customerAccessToken: $customerAccessToken) { deletedAccessToken deletedCustomerAccessTokenId userErrors { field message } }}”
}’

response this

{
“data”: {
“customerAccessTokenDelete”: null
},
“errors”: [
{
“message”: “Access denied for customerAccessTokenDelete field. Required access: unauthenticated_write_customers access scope. Also: Requires valid customer access token.”,
“locations”: [
{
“line”: 1,
“column”: 70
}
],
“path”: [
“customerAccessTokenDelete”
],
“extensions”: {
“code”: “ACCESS_DENIED”,
“documentation”: “https://shopify.dev/api/usage/access-scopes”,
“requiredAccess”: “unauthenticated_write_customers access scope. Also: Requires valid customer access token.”
}
}
]
}

but i am sure i had open all auth

boxifeng_0-1677310669298.png
boxifeng_0-1677310669298.png1740×746 101 KB

2 Likes