We make a software that integrates into an ERP system. Our software works with all the big name shopping carts and marketplaces out there. We have many customers using it. It is not a browser-based system. It sits on a server on the same network as the customer’s ERP system. The process used to be: “Here just follow this document. Click on a few things in your Shopify store and give us the access token. Copy/paste into the settings in our software…” . Super simple.
So now, they just do the same thing with client ID / client Secret, right? Wrong!!! Using the new method of making an app in your own store and using client ID/ client Secret, you cannot get access to orders. When you try to add orders to your access scope using Shopify’s UI in your store, the big access scope box turns red. It does not explain why its red. It just turns red, does not offer any explanation why, and does not let you save.
So apparently, in order to gain access to orders (why would any company need access to their own orders? What could they possibly ever need that data for???), one must create an “app” in the Shopify Partners website. Then one must “install” the app on their Shopify store.
Then here is the broken part: The client ID / client Secret you get from the Shopify partner website cannot be used to generate your access token programmatically the same way you can with ClientID/secret you generate inside your own store. If you try, you get this big error (in html, not json of course):
System.Exception: 'Shopify authorization token request failed: BadRequest –
Oauth error shop_not_permitted: Client credentials cannot be performed on this shop.
So what is the exact process that any given company should use if they want API access to their own orders?