Access_Denied error even if I have the required scope

I am trying to run this query in my customer-account extension:

```js
const apiVersion = '2025-10';
const graphQlUrl = `shopify://customer-account/api/${apiVersion}/graphql.json`;
const query = {
  query: `
      query {
        shop {
          id
          name
          myshopifyDomain
        }
        customer {
          id
          firstName
          lastName
          emailAddress {
            emailAddress
          }
        }
      }
  `,
};

// Direct API access from the extension: no access token header is set here.
const response = await fetch(graphQlUrl, {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify(query),
});

const data = await response.json();

console.log("actual data====================>", JSON.stringify(data, null, 2));
```

For this exact thing I got this error:

```
actual data====================> {
  "errors": [
    {
      "message": "Access denied for customer field. Required access: customer_read_customers access scope.",
      "locations": [
        {
          "line": 8,
          "column": 9
        }
      ],
      "extensions": {
        "code": "ACCESS_DENIED",
        "documentation": " Shopify API access scopes ",
        "requiredAccess": "customer_read_customers access scope."
      },
      "path": [
        "customer"
      ]
    }
  ],
  "data": null,
  "extensions": {
    "cost": {
      "requestedQueryCost": 3,
      "actualQueryCost": 2,
      "throttleStatus": {
        "maximumAvailable": 7500,
        "currentlyAvailable": 7498,
        "restoreRate": 100
      }
    }
  }
}
```

Now my problem is that I have these scopes:

```toml
scopes = "customer_read_customers,customer_read_orders,read_assigned_fulfillment_orders,read_cart_transforms,read_content,read_customers,read_discounts,read_draft_orders,read_fulfillments,read_inventory,read_locales,read_merchant_managed_fulfillment_orders,read_metaobjects,read_orders,read_price_rules,read_products,read_script_tags,read_shipping,read_themes,read_third_party_fulfillment_orders,unauthenticated_read_product_listings,write_assigned_fulfillment_orders,write_cart_transforms,write_checkouts,write_content,write_customers,write_discounts,write_draft_orders,write_fulfillments,write_inventory,write_merchant_managed_fulfillment_orders,write_orders,write_price_rules,write_products,write_script_tags,write_shipping,write_themes,write_third_party_fulfillment_orders"
```

but I am still getting this error. Also, I have done the reinstall thing, but the error still persists. This works in development, as most of the scopes are readily available in development, but the error persists in production. So I thought I should check the scopes granted by the shop to the admin, and I ran this query:

```js
// Admin API call: lists the scopes actually granted to the installed app.
const response = await fetch(
  `https://${shop}/admin/api/2026-04/graphql.json`,
  {
    method: "POST",
    headers: {
      "Content-Type": "application/json",
      "X-Shopify-Access-Token": `${token}`,
    },
    body: JSON.stringify({
      query: `query { appInstallation { accessScopes { handle } } }`,
    }),
  }
);
```

For this I am getting this:

```json
{
  "data": {
    "appInstallation": {
      "accessScopes": [
        { "handle": "customer_read_orders" },
        { "handle": "unauthenticated_read_product_listings" },
        { "handle": "write_assigned_fulfillment_orders" },
        { "handle": "write_cart_transforms" },
        { "handle": "write_checkouts" },
        { "handle": "write_content" },
        { "handle": "write_customers" },
        { "handle": "write_discounts" },
        { "handle": "write_draft_orders" },
        { "handle": "write_fulfillments" },
        { "handle": "write_inventory" },
        { "handle": "write_merchant_managed_fulfillment_orders" },
        { "handle": "write_orders" },
        { "handle": "write_price_rules" },
        { "handle": "write_products" },
        { "handle": "write_script_tags" },
        { "handle": "write_shipping" },
        { "handle": "write_themes" },
        { "handle": "write_third_party_fulfillment_orders" },
        { "handle": "read_assigned_fulfillment_orders" },
        { "handle": "read_cart_transforms" },
        { "handle": "read_checkouts" },
        { "handle": "read_content" },
        { "handle": "read_customers" },
        { "handle": "read_discounts" },
        { "handle": "read_draft_orders" },
        { "handle": "read_fulfillments" },
        { "handle": "read_inventory" },
        { "handle": "read_merchant_managed_fulfillment_orders" },
        { "handle": "read_orders" },
        { "handle": "read_price_rules" },
        { "handle": "read_products" },
        { "handle": "read_script_tags" },
        { "handle": "read_shipping" },
        { "handle": "read_themes" },
        { "handle": "read_third_party_fulfillment_orders" }
      ]
    }
  },
  "extensions": {
    "cost": {
      "requestedQueryCost": 2,
      "actualQueryCost": 2,
      "throttleStatus": {
        "maximumAvailable": 2000,
        "currentlyAvailable": 1998,
        "restoreRate": 100
      }
    }
  }
}
```

It doesn’t have customer_read_customers, but this is from the admin side, not the extension, so the scopes may vary. Also, inside the customer-account page, isn’t the customer already authenticated? Do I need to expand on it, because currently my toml doesn’t have this tag: [customer_authentication]. Please explain how I can solve this.

Hey @ishwar_kalmegh :waving_hand: thanks for the detailed writeup.

Based on the context that it “works in development, fails in production”, here’s one troubleshooting step you can try first:

  1. Request protected customer data access in the Partner Dashboard. Go to your app > API access > Protected customer data access, request access, and individually request the Name and Email fields if you haven’t already (those are approved separately since they identify customers). Details here: Work with protected customer data

Dev stores can read protected customer data without review, but live stores need the app approved first, which could be the case here.

The second thing I would try:

  1. Deploy the app and make sure you’re using the latest version of the app/scopes on your production store. If your local files have un-deployed changes, updating shopify.app.toml locally isn’t enough. The latest released version can still have the old scopes, which could be why customer_read_customers is missing from your appInstallation list. Run shopify app deploy so the released version carries it, then have the merchant re-authorize the new scope prompt. If your app uses Shopify managed install (the default for CLI apps), the released config is what governs the grant, so a reinstall won’t add a scope you haven’t deployed yet.

On the [customer_authentication] question: you don’t need it. Direct API access from a customer account UI extension is authenticated automatically, so that block won’t change anything here.

If those two don’t sort it out, I can definitely take a look at your app ID and shop ID to see if there’s anything else that might be causing an issue. I can set up a DM if you’d like, just let me know.

Hope this helps!
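
As an added example (not code from the thread or from Shopify), the check discussed above can be scripted: diff the `scopes` line from shopify.app.toml against the `appInstallation.accessScopes` result, then classify the scope named in the ACCESS_DENIED error. The data is copied from the question; the function names `parseScopes`, `diffScopes` and `explainAccessDenied` are hypothetical.

```javascript
// Added example. Data copied from the question above; function names are hypothetical.
// `scopes` value declared in the poster's shopify.app.toml.
const tomlScopes = "customer_read_customers,customer_read_orders,read_assigned_fulfillment_orders,read_cart_transforms,read_content,read_customers,read_discounts,read_draft_orders,read_fulfillments,read_inventory,read_locales,read_merchant_managed_fulfillment_orders,read_metaobjects,read_orders,read_price_rules,read_products,read_script_tags,read_shipping,read_themes,read_third_party_fulfillment_orders,unauthenticated_read_product_listings,write_assigned_fulfillment_orders,write_cart_transforms,write_checkouts,write_content,write_customers,write_discounts,write_draft_orders,write_fulfillments,write_inventory,write_merchant_managed_fulfillment_orders,write_orders,write_price_rules,write_products,write_script_tags,write_shipping,write_themes,write_third_party_fulfillment_orders";

// Handles the production shop returned for appInstallation.accessScopes.
const grantedHandles = "customer_read_orders unauthenticated_read_product_listings write_assigned_fulfillment_orders write_cart_transforms write_checkouts write_content write_customers write_discounts write_draft_orders write_fulfillments write_inventory write_merchant_managed_fulfillment_orders write_orders write_price_rules write_products write_script_tags write_shipping write_themes write_third_party_fulfillment_orders read_assigned_fulfillment_orders read_cart_transforms read_checkouts read_content read_customers read_discounts read_draft_orders read_fulfillments read_inventory read_merchant_managed_fulfillment_orders read_orders read_price_rules read_products read_script_tags read_shipping read_themes read_third_party_fulfillment_orders".split(" ");
const appInstallationResponse = {
  data: { appInstallation: { accessScopes: grantedHandles.map((handle) => ({ handle })) } },
};

// The ACCESS_DENIED response from the extension, trimmed to the fields used here.
const accessDeniedResponse = {
  errors: [{
    message: "Access denied for customer field. Required access: customer_read_customers access scope.",
    extensions: { code: "ACCESS_DENIED", requiredAccess: "customer_read_customers access scope." },
    path: ["customer"],
  }],
  data: null,
};

const parseScopes = (csv) => new Set(csv.split(",").map((s) => s.trim()).filter(Boolean));

// Compare what the config declares with what the installation was actually granted.
function diffScopes(declaredCsv, installation) {
  const declared = parseScopes(declaredCsv);
  const granted = new Set(installation.data.appInstallation.accessScopes.map((s) => s.handle));
  return {
    declared,
    granted,
    missing: [...declared].filter((s) => !granted.has(s)).sort(),    // declared, never granted
    undeclared: [...granted].filter((s) => !declared.has(s)).sort(), // granted, not in the toml
  };
}

// For each ACCESS_DENIED error, extract the required scope and say where it stands.
function explainAccessDenied(response, declaredCsv, installation) {
  const { declared, granted } = diffScopes(declaredCsv, installation);
  return (response.errors ?? [])
    .filter((e) => e.extensions?.code === "ACCESS_DENIED")
    .map((e) => {
      const scope = (e.extensions.requiredAccess.match(/[a-z_]+(?= access scope)/) ?? [null])[0];
      // "granted" but still denied leaves the reply's other suggestion: protected customer data access.
      const state = granted.has(scope) ? "granted"
        : declared.has(scope) ? "declared-not-granted" : "not-declared";
      return { field: e.path.join("."), scope, state };
    });
}

console.log(diffScopes(tomlScopes, appInstallationResponse).missing);
console.log(explainAccessDenied(accessDeniedResponse, tomlScopes, appInstallationResponse));
```

On the data in this thread, `customer_read_customers`, `read_locales` and `read_metaobjects` are all declared but not granted, which fits the reply's point that the released app version can still carry the old scopes.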