How to use Storefront API in public app without Sales Channel approval?

Hi all,

Is it possible to use the storefrontAccessTokenCreate mutation without having the app approved as a Sales Channel?

I’ve tried submitting multiple times as a Sales Channel, but got rejected each time with very limited feedback – just a screenshot and a vague comment saying “your app doesn’t have a platform, it only creates a page.” (screenshot below).

The app is a simple custom storefront (via app proxy or external domain).
It’s not a consumer platform like Facebook or Instagram – true – but it does provide a page where products can be showcased outside the Online Store.

That Sales Channel rejection is just context for why I ended up going as a regular public app instead.

But now I’m stuck again: I can’t seem to get the storefrontAccessTokenCreate mutation to work (as a non-Sales Channel app) – it always throws the GraphQL error: "Access denied for storefrontAccessTokenCreate field."

In general, it’s still unclear when an app should be a Sales Channel, when it must be, and what exactly requires that classification.

Would appreciate any clarity or experience from others who’ve faced this.

Thanks 🙂

My best guess is that you need at least one ‘unauthenticated’ scope before you can create a storefrontAccessToken - it is not required (anymore) that your app is a sales channel.

Perfect, thanks!

Turns out I had a small misconfiguration after switching the app from a Sales Channel to a regular public app. It’s working now as a regular app 🚀

Curious if you know what does require Sales Channel status these days? Or is it mostly just a categorization now? Still unsure whether I should stick with a normal app or keep trying for Sales Channel approval - especially since the decision is irreversible once approved.

Also worth noting: it didn’t work fully out of the box. Just having checkout permissions like

unauthenticated_read_checkouts  
unauthenticated_write_checkouts  

wasn’t enough - I also had to add unauthenticated_read_metaobjects, which I needed anyway. I assume that’s because the checkout scopes themselves don’t require a Storefront Access Token, but metaobjects do.

Something to keep in mind if anyone else runs into the same issue.

Appreciate the help 🙂

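As an added example (not code from the thread or from Shopify), here is a scope preflight and response check for the storefrontAccessTokenCreate call discussed above. The function names and sample data are constructed, and the rule that checkout scopes alone are insufficient is the poster's observation, assumed here rather than documented behaviour.

```javascript
// Admin API mutation the thread is about; the title value is a constructed placeholder.
const MUTATION = `mutation {
  storefrontAccessTokenCreate(input: { title: "custom-storefront" }) {
    storefrontAccessToken { accessToken }
    userErrors { field message }
  }
}`;

// Scopes the thread reports as insufficient on their own (assumption taken from the thread).
const CHECKOUT_ONLY = new Set([
  'unauthenticated_read_checkouts',
  'unauthenticated_write_checkouts',
]);

// Check the app's granted scopes before sending the mutation, so a scope
// misconfiguration is reported clearly instead of as a bare "Access denied".
function preflight(grantedScopes) {
  const unauth = grantedScopes.filter((s) => s.startsWith('unauthenticated_'));
  if (unauth.length === 0) {
    return { ok: false, reason: 'no unauthenticated_* scope granted' };
  }
  if (unauth.every((s) => CHECKOUT_ONLY.has(s))) {
    return { ok: false, reason: 'only checkout scopes granted' };
  }
  return { ok: true, unauth };
}

// Classify a GraphQL response body: top-level errors (authorization),
// userErrors (input problems), or a created token.
function classify(body) {
  const denied = (body.errors || []).find((e) =>
    /Access denied for storefrontAccessTokenCreate/.test(e.message));
  if (denied) return { status: 'access_denied', detail: denied.message };
  const payload = body.data && body.data.storefrontAccessTokenCreate;
  if (!payload) return { status: 'unexpected', detail: 'no payload in response' };
  if (payload.userErrors && payload.userErrors.length > 0) {
    return { status: 'user_error', detail: payload.userErrors.map((e) => e.message).join('; ') };
  }
  return { status: 'created', token: payload.storefrontAccessToken.accessToken };
}

// Constructed sample responses (not captured from a real shop).
const DENIED = { errors: [{ message: 'Access denied for storefrontAccessTokenCreate field.' }] };
const CREATED = { data: { storefrontAccessTokenCreate: {
  storefrontAccessToken: { accessToken: 'example-token-not-real' }, userErrors: [] } } };
```

Requesting only the unauthenticated scopes the storefront actually uses keeps the resulting token's reach as small as possible.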