We have a public Shopify app that uses the `themeFilesUpsert` mutation to create three template files in the merchant’s theme:
* `templates/agents.md.liquid`
* `templates/llms.txt.liquid`
* `templates/robots.txt.liquid`
These are new file creations only — we don’t modify any existing theme files.
**What’s working**
Our development app has the same scopes and exemption, and `themeFilesUpsert` works correctly. The merchant has reinstalled the app to re-authorize with the updated scopes.
**What’s not working**
Our production app receives an `ACCESS_DENIED` error when calling `themeFilesUpsert`:
> “The user needs write_themes and an exemption from Shopify to modify theme files.”
**What we’ve confirmed**
* `write_themes` is included in our app’s access scopes in the TOML configuration.
* `shopify app deploy` has been run to sync the configuration.
* Shopify App Review confirmed that the exemption is approved and the `write_theme_api` scope is correctly granted on their end.
* The merchant has reinstalled the app to accept the updated scopes.
* The same code works correctly on our development app with the same exemption.
**API version:** `2026-04`
**Mutation used**
```graphql
mutation themeFilesUpsert(
$files: [OnlineStoreThemeFilesUpsertFileInput!]!,
$themeId: ID!
) {
themeFilesUpsert(files: $files, themeId: $themeId) {
upsertedThemeFiles {
filename
}
userErrors {
filename
message
}
}
}
```
Has anyone encountered a situation where a theme file exemption is approved but `themeFilesUpsert` still returns `ACCESS_DENIED` for the production app while working for the development app? Is there any additional activation or configuration step required beyond `shopify app deploy` to enable the exemption on a production app?