Access denied for shopifyqlQuery

Authentication & Access
1

I’m running this query:


query {
   shopifyqlQuery(query: "FROM sessions SHOW sessions, pageviews TIMESERIES day WITH TOTALS, CURRENCY 'DKK' SINCE -1m UNTIL today ORDER BY day ASC VISUALIZE sessions") {
          tableData {
            columns {
              name
              dataType
              displayName
            }
            rows
          }
          parseErrors
        }
      }

With the access scope `read_reports`.

It works in development, but in production I get:

Access denied for shopifyqlQuery field. Required access: read_reports access scope. Also: Level 2 access to Customer data including name, address, phone, and email fields.

I’ve verified in the Admin panel of the shop, under Apps, that my app has the `read_reports` scope. I’ve also requested and received approval for “Protected customer data”.

Any idea what I’m doing wrong?

My dev and production app both use managed install and each have a corresponding TOML file.

2

Your TOML file isn’t part of the initial post, just an FYI.

Is it possible the merchant account you’re using installed before you changed scopes to include read_reports?

Uninstalling and reinstalling should show the OAuth prompt again with the fresh scopes.

3

Hey! Yes, I have customers (merchants) on my app already. Added the new `read_reports` scope that I needed, which prompts the merchant to accept the new scope. That part works as expected. For some reason, I just still get the error `Access Denied`.

Surely, I must have missed something, but I just can’t figure out what it is.

4

Thinking more about it… Could it be that “Level 2 access to Customer data” is required for any shopifyqlQuery?

Initially, I read it as Level 2 would be required is the query contains customer name, address, phone or email address, which is not the case for my query for sessions and page views.

5

Thinking more about it… Could it be that “Level 2 access to Customer data” is required for any shopifyqlQuery?

It’s definitely possible. Admittedly I haven’t used that API yet.

They might just gate that entire API just because it has the potential to access customer data, and they haven’t added granular scope controls to that.

You could spin up a development app that does have the level 2 customer data access and test a query against it to determine if maybe that is the cause.

6

Hi @Dylan & @Daniel_Friis,

You’re right in that your app need Level 2 customer data access today, even if that query doesn’t specifically query customer data.

Access to Analytics via shopifyqlQuery provides access to all Analytics right now and granular scopes are not applied to the various different entities. For example, having only read_products won’t limit your Analytics responses to only products/variants data.

This is something we’re aware of and will likely look to refine over time to give more granular control over the various data domains.

I’ll bring this back to my team to update our documentation/messaging so that it’s clear the Level 2 access is needed under all circumstances.