How to activate or register the fulfillment constraints function?

If we’re using the fulfillment constraints function api and we have an extension only app built with our function, how do we activate this on a new shop once we’ve installed the app? Normally with a discount function or cart transform, it’s as simple as deploying, getting the install link, installing, then adding graphiql explorer to the shop + running the mutation. But with the fulfillmentConstraintRuleCreate I’m having a hard time.

Yes we’ve added the required access scopes to the toml file, deployed and released the version. Yes the app is installed on the shop.

Mutation: mutation { fulfillmentConstraintRuleCreate( functionHandle: "fulfillment-constraints" deliveryMethodTypes: [SHIPPING, PICK_UP, LOCAL] ) { fulfillmentConstraintRule { id } userErrors { field message } } }

I keep getting the error **Access denied for fulfillmentConstraintRuleCreate field. Required access: write_fulfillment_constraint_rules access scope
**
The answer can’t be to run shopify app dev, use the local graphiql explorer client to run the mutation and then disconnect the running app? It didn’t work that way for discount functions or cart transforms.

And if you’re a partner/collaborator having to do that would complicate things if the app needs to be installed on a client shop.

Hi @justinb thanks for reaching out

I completely understand why you reached out to us about this as the process is a little different. The short version: the GraphiQL Admin app doesn’t expose write_fulfillment_constraint_rules, by design. The mutation has to be called under your app’s token, not the GraphiQL app’s. Kellan from Shopify confirmed this in a related thread:

For an extension-only app that is part of a partner organization, here are a couple different options to explore:

1. Admin UI extension that calls the mutation: An admin.block.render or admin.action.render target can run the mutation via its query API under your app’s session. This requires more setup, but is a self-serve option for client shops and stays within the extension-only model.
2. Add a lightweight backend and use token exchange : If you need a stored offline token (e.g. for webhooks, background jobs, or any flow outside an admin UI session), use token exchange to get an access token for your app. Note that at this point your app is no longer strictly extension-only
3. Running shopify app dev and the using your app’s GraphiQL instance: This will work for development stores, but not for a production store outside of your partner org.

If your app is part of the same organization as the store you’re installing it on, the Client Credentials grant could be an option to check out as well to get an access token

Here’s some relevant docs to explore as well:

• Exchange a session token for an access token
• Admin UI Extensions Direct API access
• fulfillmentConstraintRuleCreate - GraphQL Admin
• Using the client credentials grant

I hope this help and let me know if you have any other questions!