shopifyqlQuery returns "Access denied" despite read_analytics scope, read_reports scope and PCD approved — aggregate sales metrics only

Authentication & Access
,
1

I’m building a Shopify embedded app and trying to use shopifyqlQuery to fetch aggregate net sales (no customer PII). My query is:

{
shopifyqlQuery(query: "FROM sales SHOW net_sales SINCE 2026-03-23 UNTIL 2026-06-21") {
... on TableResponse {
tableData {
rowData
columns { name dataType }
}
}
parseErrors { code message }
}
}

Error:
Access denied for shopifyqlQuery field. Required access: read_reports scope.

What I’ve done with Protected Customer Data:

  • PCD was approved on May 8, 2026

  • I went into “Manage” and selected all 4 customer data fields (Name, Email, Phone, Address) with reason = “Analytics”

  • Completed the data protection questionnaire

  • Status still shows “Draft” and the below banner persists in the Partner Dashboard

    image
    image1742×230 23.5 KB

    Questions:

    1. Is PCD Level 2 approval actually required for shopifyqlQuery when fetching only aggregate metrics like net_sales (no row-level customer data)?
    2. If yes — what does it take to move PCD status from “Draft” to “Approved”? I answered “No” to “do you log access to personal data” and “do you have a security incident response policy” — does that block approval?
    3. The error says read_reports scope is required, but my understanding is read_reports is for saved Shopify reports, while read_analytics is for shopifyqlQuery. Which scope is actually correct for shopifyqlQuery?

    API version: 2025-10. App type: embedded, public.

2 
{
  shopifyqlQuery(query: "FROM sales SHOW net_sales SINCE 2026-03-23 UNTIL 2026-06-21") {
    tableData {
      rows
      columns { name dataType }
    }
    parseErrors
  }
}

This query is also hitting the same error

3

Hey @ozworld - thanks for reaching out :wave:

This looks like expected behaviour for shopifyqlQuery at the moment. The field itself requires the read_reports access scope, and it does require Level 2 access to customer data including name, address, phone, and email fields:

There’s also some broader context on requesting protected customer data access here:

So even though your ShopifyQL query is only asking for aggregate sales metrics, the access check is applied to the shopifyqlQuery field itself. read_analytics wouldn’t satisfy that specific field requirement, so you’ll want read_reports plus approved Level 2 PCD access for those customer data fields.

If the PCD status is still showing as Draft in the Partner Dashboard, that likely means the request hasn’t been fully submitted/approved for the app yet. I can’t confirm from here whether a specific questionnaire answer is blocking approval, but the access will need to be approved on that app before this query will work.

Hope this helps clarify things on our end here.