Permissions required for unauthenticated GraphQL Storefront API calls

sinuhe · June 16, 2025, 11:19am

Hi there,

I am seeing that for using the tokenless GraphQL Storefront API (Storefront API reference) some extra permissions approved by the merchant are required (Shopify API access scopes).

However, for cart stuff, considering that Shopify is encouraging us to use the Storefront API instead the classic Ajax Cart API, this is quite limiting, since to do that we should ask for new permissions to all our merchants.

Taking into account that the Ajax Cart API can be used with no permissions, would not it make sense to allow the storefront API to be used with no permissions at least for read-only cart requests? Please could you consider it?

KyleG-Shopify · June 20, 2025, 9:38pm

Hey @sinuhe, try with version 2025-07. That should work without an access token.

The docs don’t make that very clear at the moment.

Topic		Replies	Views
Permissions for creating an Storefront Access Token? Hydrogen and Storefront APIs storefront-api	2	91	April 30, 2025
What permission is required to use storefrontAccessTokenCreate mutation in Shopify Admin API? GraphQL Admin API Troubleshooting rest-migration , general-gql-troubles	15	110	May 9, 2025
Calling admin API needs to enable the storefront API permission GraphQL Admin API Troubleshooting general-gql-troubles	2	77	November 26, 2024
Storefront Access Token Creation Issue #2073 GraphQL Admin API Troubleshooting general-gql-troubles	5	213	May 8, 2025
Which Storefront API access scope can mutate cart attributes? Hydrogen and Storefront APIs storefront-api	5	70	April 23, 2025

Permissions required for unauthenticated GraphQL Storefront API calls

Related topics