I have some weird access errors trying to mutate Customer metafields via a Customer Account extension. No matter what, in all POST requests I’m met with "Access denied for metafieldsSet field. Required access: access defined by each metafield input "ownerId" scalar's type in a "MetafieldsSetInput" field.\nFor example, setting a metafield on a "CUSTOMER" requires the same access as mutating a "CUSTOMER".\n"
I have no trouble fetching the metafield. It’s only mutations.
I have the following scopes set in both shopify.extension.toml and shopify.app.toml: customer_read_customers,read_customers,write_customers,customer_write_customers
@curzey it’s not documented well but our team ran into a similar issue and figured out that you can only set the Customer Account API access on app owned metafields (i.e. using the app reserved namespace). For merchant owned metafields, the access has to be set manually through the Shopify admin settings.
@Brett that sounds interesting, and possibly also true. Maybe @Kenza_Iraki can elaborate on this. But is that also relevant for Customer Account Extensions? I’m trying to keep it small an native to avoid external hosting etc.
@Kenza_Iraki I did not - it’s not a listed app. It’s just private custom distribution app for a client. Hell, as far as I am currently it’s just scoping and testing on a dev store / app
Maybe @Kenza_Iraki can elaborate on this. But is that also relevant for Customer Account Extensions? I’m trying to keep it small an native to avoid external hosting etc.
Yes - Brett is correct, if you’re creating the metafield from the admin, you need to set the correct access for that metafield in the Custom data settings.
Alright, two more ideas to try out from an engineer on my team:
You mentioned have the access scopes in your app toml file, but did you also run shopify app deploy and accept the new scopes from the shop you’re testing on?
Do you happen to be testing this on the customer accounts order status page in a pre-authenticated state?
I’m deffo working with a normally admin-created metafield. Generally I just need to store some custom Customer specific data that they need to be able to modify themselves.
I did deploy
I’m not in the pre auth state
And for the winner; my ignorance - I’ve totally forgot to open the app and accept new access scopes. I’ve just checked the app dashboard and noticed the access scopes listed there.
@curzey glad you were able to get that figured out here and it was simple solution! Sounds like what you were experiencing here is a bit of a different situation than we ran into.
When creating a non app-owned metafield via Admin API, we cannot set the Customer Accounts API access. We’re having to detect this and display a warning in our app to instruct the merchant to manually change the access setting through the Shopify admin settings if necessary.
When creating an app-owned metafield via Admin API, we can include the Customer Accounts API access setting and all works correctly.
Either way, once the access permission is set correctly actually writing to the metafield isn’t a problem so no issue there.
It’s been a couple of months since we’ve built this feature so it is possible something has changed or been updated here, but that was our experience with this.
@Kenza_Iraki Thanks for sharing! We were participating in the launch program for Customer Account Extensions so our features were all built out well before this.
I believe we may have missed this change with all of the other announcements and the customer account extension launch on that day, but I’ll make sure to pass this information on to our team to test and let you know if we experience any problems with it. Thanks again for flagging this.