Struggling to fetch order data despite having proper scopes

I’m building an app that needs to access basic order information (status, line items, prices), but I’m running into issues with both the REST and GraphQL APIs. All of this was tried on my development store.

My app setup

  • App has the following scopes: read_content,read_legal_policies,read_orders,read_themes,write_products,write_themes,read_all_orders
  • I’ve successfully stored the offline access token in my database
  • The token appears valid (starts with shpat_)

What I’ve tried

REST API

curl -X GET \
  "https://[my-store].myshopify.com/admin/api/2025-07/orders/1020.json?fields=id,name,created_at,total_price,line_items,financial_status,fulfillment_status" \
  -H "X-Shopify-Access-Token: [my-access-token]"

Error:

{"errors":"[API] This app is not approved to access REST endpoints with protected customer data. See https://shopify.dev/docs/apps/launch/protected-customer-data for more details."}

GraphQL API

curl -X POST \
  "https://[my-store].myshopify.com/admin/api/2025-07/graphql.json" \
  -H "X-Shopify-Access-Token: [my-access-token]" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "query { order(id: \"gid://shopify/Order/1020\") { id name createdAt totalPriceSet { shopMoney { amount currencyCode } } lineItems(first: 5) { edges { node { title quantity variant { sku } } } } displayFinancialStatus displayFulfillmentStatus } }"
  }'

Response:

{"data":{"order":null},"extensions":{"cost":{"requestedQueryCost":9,"actualQueryCost":1,"throttleStatus":{"maximumAvailable":2000.0,"currentlyAvailable":1999,"restoreRate":100.0}}}}

I also tried fetching a list of orders:

curl -X POST \
  "https://[my-store].myshopify.com/admin/api/2025-07/graphql.json" \
  -H "X-Shopify-Access-Token: [my-access-token]" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "query { orders(first: 5) { edges { node { id name createdAt totalPriceSet { shopMoney { amount currencyCode } } lineItems(first: 5) { edges { node { title quantity variant { sku } } } } displayFinancialStatus displayFulfillmentStatus } } } }"
  }'

Questions

  1. Why am I getting the “protected customer data” error with REST even though I’m only requesting non-PII fields?
  2. Why is my GraphQL query returning null for the order when I can clearly see order #1020 in my admin?
  3. Do I need additional approvals beyond the read_orders scope to access basic order information?
  4. Is there something wrong with my ID format in GraphQL? I’ve tried both numeric IDs and the global ID format.

Any help would be greatly appreciated. I just need to access basic order data (status, items, prices) to build my integration.

If you try running the GraphQL queries in the GraphiQL app, do they run as expected?

Do queries related to other scopes work, e.g. pagesCount?

I ran the query below in GraphiQL, but I already got approval for my app for the read_order scope.

query {
  orders(first: 5, sortKey: CREATED_AT, reverse: true) {
    edges {
      node {
        id
        name
        createdAt
        displayFinancialStatus
        displayFulfillmentStatus
      }
    }
  }
}

Here’s its response

{
  "errors": [
    {
      "message": "This app is not approved to access the Order object. See https://shopify.dev/docs/apps/launch/protected-customer-data for more details.",
      "locations": [
        {
          "line": 2,
          "column": 3
        }
      ],
      "path": [
        "orders"
      ],
      "extensions": {
        "code": "ACCESS_DENIED",
        "documentation": "https://shopify.dev/docs/apps/launch/protected-customer-data"
      }
    }
  ],
  "data": null,
  "extensions": {
    "cost": {
      "requestedQueryCost": 5,
      "actualQueryCost": 2,
      "throttleStatus": {
        "maximumAvailable": 2000,
        "currentlyAvailable": 1998,
        "restoreRate": 100
      }
    }
  }
}

@shoppreuser have you requested access to Protected Customer Data from within your Partner dashboard?

Even if this is a development app, and not for public use, you’ll still need to submit a draft for Protected Customer Data from within the app’s settings in your Partner Dashboard.

After submitting the draft, if the app isn’t publicly distributed, then you’ll automatically get approval.

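An added example, not part of any post in this thread: a Python classifier that tells apart the three response shapes shown above (the REST error string, the GraphQL `ACCESS_DENIED` error, and the `null` result with no `errors` key), so an integration can log a protected-customer-data denial instead of treating it as a missing order. The function name and the returned labels are assumptions made for this example.

```python
import json

PCD_MARK = "protected-customer-data"  # docs path fragment seen in both error messages

# Response bodies copied from the thread (the GraphQL ones abridged to the fields used here).
REST_DENIED = r'''{"errors":"[API] This app is not approved to access REST endpoints with protected customer data. See https://shopify.dev/docs/apps/launch/protected-customer-data for more details."}'''
GRAPHQL_NULL = '{"data":{"order":null},"extensions":{"cost":{"requestedQueryCost":9,"actualQueryCost":1}}}'
GRAPHQL_DENIED = json.dumps({
    "errors": [{
        "message": "This app is not approved to access the Order object. See "
                   "https://shopify.dev/docs/apps/launch/protected-customer-data for more details.",
        "path": ["orders"],
        "extensions": {"code": "ACCESS_DENIED",
                       "documentation": "https://shopify.dev/docs/apps/launch/protected-customer-data"},
    }],
    "data": None,
})
CONSTRUCTED_OK = '{"data":{"pagesCount":{"count":3}}}'  # constructed sample, not from the thread


def classify(body: str) -> str:
    """Return pcd_not_approved, other_error, null_without_error or ok."""
    doc = json.loads(body)
    errors = doc.get("errors")
    if isinstance(errors, str):  # REST shape: "errors" is a single string
        return "pcd_not_approved" if PCD_MARK in errors else "other_error"
    if isinstance(errors, list) and errors:  # GraphQL shape: list of error objects
        for err in errors:
            if not isinstance(err, dict):
                continue
            ext = err.get("extensions") or {}
            text = str(err.get("message", "")) + str(ext.get("documentation", ""))
            if ext.get("code") == "ACCESS_DENIED" and PCD_MARK in text:
                return "pcd_not_approved"
        return "other_error"
    if errors:  # any other non-empty "errors" value, e.g. an object
        return "other_error"
    data = doc.get("data")
    if isinstance(data, dict) and data and all(v is None for v in data.values()):
        return "null_without_error"  # no errors reported, yet every requested field is null
    return "ok"


if __name__ == "__main__":
    for name in ("REST_DENIED", "GRAPHQL_NULL", "GRAPHQL_DENIED", "CONSTRUCTED_OK"):
        print(f"{name}: {classify(globals()[name])}")
```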