I’m encountering a problem while trying to set up a Shopify Hydrogen site. When I execute the command npx shopify hydrogen, I receive an access denied error.
Here’s the error message I get:
The Admin GraphQL API returned an unsuccessful response with the following errors:
[
{
"message": "Access denied for hydrogenStorefronts field. Required access: Request must be initiated from the Shopify CLI and user must have full access to apps or access to the Hydrogen channel.",
"locations": [
{
"line": 3,
"column": 5
}
],
"path": [
"hydrogenStorefronts"
],
"extensions": {
"code": "ACCESS_DENIED",
"requiredAccess": "Request must be initiated from the Shopify CLI and user must have full access to apps or access to the Hydrogen channel."
}
}
]
Request ID: dc4f023d-ad48-4d63-afb4-973b62119c71-1713456789
I watched several tutorials that suggested I need to update my .env file with the following variables: PUBLIC_STORE_DOMAIN, PRIVATE_STOREFRONT_API_TOKEN, and PUBLIC_STOREFRONT_API_TOKEN.
However, in my .env file, I only have:
SESSION_SECRET=“mysecret”
PUBLIC_STORE_DOMAIN=“my-shop.myshopify.com”
It seems I don’t have the storefront API token variables at all. Can anyone guide me on how to obtain these tokens and resolve this access problem?
first, check if your shopify cli is up to date. i had the same problem and it turned out my cli was outdated. run npm update -g @shopify/cli and try the hydrogen command again. also make sure you’re logged in as the store owner, not a staff member - hydrogen needs owner-level access to create the api tokens automatically.
I had this exact problem a few months ago - drove me nuts. It’s not just missing tokens, it’s your Shopify store permissions and CLI authentication that’s messed up. First, log into the Shopify CLI properly: shopify auth login. Then check if your store has the Hydrogen sales channel enabled - go to Settings > Apps and sales channels in your admin panel. Don’t see Hydrogen listed? Install it from the Shopify App Store first. After that’s done, the storefront API tokens should generate automatically when you run the hydrogen command again. That ACCESS_DENIED error means you need full app access, so if you’re not the store owner, get them to give you proper permissions or have them run the setup.
The manual token juggling everyone’s suggesting is a pain. I’ve dealt with this exact scenario setting up multiple Hydrogen storefronts for different teams.
Here’s what’s happening - your CLI auth is fine, but Shopify’s being strict about automated access. Don’t fight with CLI permissions and manual tokens. Just automate the whole thing.
I built a workflow that handles Shopify auth, creates storefront tokens, and sets up the entire Hydrogen environment automatically. No more hunting for permissions or copying tokens between admin panels.
The workflow hits Shopify’s Admin API, creates the tokens you need, writes them to your env files, and validates everything before starting your dev server. Takes 30 seconds instead of hours of troubleshooting.
You can reuse the same automation for staging and production too. Way cleaner than the manual CLI dance.
Set this up once and never deal with Hydrogen permission headaches again: https://latenode.com
You’re skipping authentication. That error means your CLI doesn’t have the right Hydrogen permissions. First run shopify auth logout to clear old sessions, then shopify auth login with an account that has full store access. You’ll see Hydrogen permissions pop up during login - make sure you approve them. Once that’s done, npx shopify hydrogen init should work fine and create those storefront tokens automatically. I had the same problem using a collaborator account instead of the owner account. Hydrogen needs elevated permissions that regular staff don’t get.
Your Shopify store doesn’t have proper API access for Hydrogen development. Those missing storefront tokens? They’re just a symptom - not the real problem. I hit this exact issue last year migrating a store to Hydrogen. Here’s what’s happening: Shopify locks the hydrogenStorefronts GraphQL field behind specific channel permissions. Go to your Shopify admin → Settings → Apps and sales channels. Search for the Hydrogen sales channel and install it if it’s not there already. Then enable it for your store. Run shopify hydrogen init again - it’ll automatically generate both private and public storefront API tokens in your environment file. The CLI can only create these tokens when the Hydrogen channel is configured properly. Without it enabled, Shopify blocks all Hydrogen-related API calls no matter what permissions you have.
Your error message screams permissions issue, not missing environment variables. The “user must have full access to apps or access to the Hydrogen channel” part gives it away - your account doesn’t have the right role.
I hit this same wall on a client project where I was added as staff. Had most permissions but Hydrogen needs either store owner access or explicit Hydrogen channel permissions. The store owner had to go into Settings > Users and permissions, find my account, and grant access to the Hydrogen sales channel under “Apps and channels.”
If you’re the store owner, try shopify app generate first instead of the hydrogen command - sometimes this forces the proper permission handshake. Then go back to the hydrogen command. Once permissions are sorted, the storefront API tokens should generate automatically. No need to create them manually.