Hi @Mehmet_Talha_Seker! The storefrontAccessTokenCreate mutation requires the app to have at least one unauthenticated scope, and you have two, so that check passes.
Can you share a bit more about how your app was created and how it’s installed?
-
Was it created in the Shopify Admin, Partner Dashboard, the Dev Dashboard (dev.shopify.com/dashboard), or via
shopify app initwith the CLI? -
Is it a public app or a custom app?
-
How did you obtain the Admin access token you’re using? Specifically, is this through authorization code grant, token exchange, or client credentials grant?
If your app is a partner/public app and you need Storefront API access, you may need to configure it as a sales channel. This was discussed in detail here and here.
One other thing to confirm is that the token you’re using is an offline token (not an online/session token), since online tokens are also blocked from this mutation. If you can also grab the x-request-id response header from a denied request, that would help us look into it further on our end.