Access denied for shopifyqlQuery

Daniel_Friis · October 23, 2025, 6:27pm

I’m running this query:


query {
   shopifyqlQuery(query: "FROM sessions SHOW sessions, pageviews TIMESERIES day WITH TOTALS, CURRENCY 'DKK' SINCE -1m UNTIL today ORDER BY day ASC VISUALIZE sessions") {
          tableData {
            columns {
              name
              dataType
              displayName
            }
            rows
          }
          parseErrors
        }
      }

With the access scope `read_reports`.

It works in development, but in production I get:

Access denied for shopifyqlQuery field. Required access: read_reports access scope. Also: Level 2 access to Customer data including name, address, phone, and email fields.

I’ve verified in the Admin panel of the shop, under Apps, that my app has the `read_reports` scope. I’ve also requested and received approval for “Protected customer data”.

Any idea what I’m doing wrong?

My dev and production app both use managed install and each have a corresponding TOML file.

Dylan · October 23, 2025, 6:47pm

Your TOML file isn’t part of the initial post, just an FYI.

Is it possible the merchant account you’re using installed before you changed scopes to include read_reports?

Uninstalling and reinstalling should show the OAuth prompt again with the fresh scopes.

Daniel_Friis · October 24, 2025, 6:43am

Hey! Yes, I have customers (merchants) on my app already. Added the new `read_reports` scope that I needed, which prompts the merchant to accept the new scope. That part works as expected. For some reason, I just still get the error `Access Denied`.

Surely, I must have missed something, but I just can’t figure out what it is.

Daniel_Friis · October 24, 2025, 7:57am

Thinking more about it… Could it be that “Level 2 access to Customer data” is required for any shopifyqlQuery?

Initially, I read it as Level 2 would be required is the query contains customer name, address, phone or email address, which is not the case for my query for sessions and page views.

Dylan · October 24, 2025, 12:07pm

Thinking more about it… Could it be that “Level 2 access to Customer data” is required for any shopifyqlQuery?

It’s definitely possible. Admittedly I haven’t used that API yet.

They might just gate that entire API just because it has the potential to access customer data, and they haven’t added granular scope controls to that.

You could spin up a development app that does have the level 2 customer data access and test a query against it to determine if maybe that is the cause.

NickP-Shopify · October 24, 2025, 1:34pm

Hi @Dylan & @Daniel_Friis,

You’re right in that your app need Level 2 customer data access today, even if that query doesn’t specifically query customer data.

Access to Analytics via shopifyqlQuery provides access to all Analytics right now and granular scopes are not applied to the various different entities. For example, having only read_products won’t limit your Analytics responses to only products/variants data.

This is something we’re aware of and will likely look to refine over time to give more granular control over the various data domains.

I’ll bring this back to my team to update our documentation/messaging so that it’s clear the Level 2 access is needed under all circumstances.

Joe_Dempsey · March 13, 2026, 8:30pm

@NickP-Shopify
just following on from this one
I have an app in dev right now and seeing this error

“Access denied for shopifyqlQuery field. Required access: read_reports access scope. Also: Level 2 access to Customer data”

query

{

 shopifyqlQuery(query: "FROM orders SHOW average_order_value SINCE -365d UNTIL today") {

__typename

tableData {

rows

}

parseErrors

}

}

app has scopes
"accessScopes": [
{
"handle": "write_products",
"description": "Modify products, variants, and collections"
},
{
"handle": "read_inventory",
"description": "Read inventory"
},
{
"handle": "write_customers",
"description": "Modify customer details and customer groups"
},
{
"handle": "read_orders",
"description": "Read orders, transactions, and fulfillments"
},
{
"handle": "read_analytics",
"description": "Read analytics"
},
{
"handle": "read_reports",
"description": "Read reports"
},
{
"handle": "write_themes",
"description": "Modify theme templates and theme assets"
},
{
"handle": "read_products",
"description": "Read products, variants, and collections"
},
{
"handle": "read_customers",
"description": "Read customer details and customer groups"
},
{
"handle": "read_themes",
"description": "Read theme templates and theme assets"
}

according to shopify docs here

it says:
If your app is for testing or installed only on a development store, you can access customer data in development after Step 5. You don’t need to submit for review.

step 5 is done
I can confirm the app is already receiving and processing protected customer data through webhooks and GraphQL Admin API calls. The inconsistency is that shopifyqlQuery is the only field that enforces the Level 2 declaration, even though we’re already handling the PII data through other endpoints.

so I can get customer data in dev app fine
but I can’t get AOV from reports which is a bit annoying

Topic		Replies	Views
Unable to use shopifyqlQuery GraphQL API Authentication & Access access-scopes	2	140	February 3, 2026
Level 2 Customer Data access issue GraphQL Admin API Troubleshooting general-gql-troubles	4	105	March 10, 2026
ShopifyQL now available within the Admin API Announcements	5	377	May 5, 2026
Required permissions for accessing non-PII aggregated data Authentication & Access access-scopes	4	91	February 17, 2026
shopifyqlQuery returns "Access denied" despite read_analytics scope, read_reports scope and PCD approved — aggregate sales metrics only Authentication & Access oauth , access-scopes	2	21	June 24, 2026

Access denied for shopifyqlQuery

Related topics