If the app does have the required write_draft_orders scope, it’s also important to know that if you are making the call from an embedded app in the Shopify Admin, including the Shopify GraphiQL App, the staff member that is logged into the admin when making the call does also need to have the write_draft_orders permission as well. You can review staff permissions in the admin following these Help Center documentation, ensuring the staff has the view and create and edit permissions for Draft Orders.
If you’ve confirmed that the issue is not due to the user or app permissions we can definitely help you look into this further, though we will need you to reach out to our Support Team directly to help authenticate on the store and look into this further with specific examples.
If you can please gather the following context to provide to our support team:
Which App is making the API call? (URL of app in store admin is best)
Is the issue happening for multiple stores or just one? Please include one or more specific store URL’s.
What is the scope of the issue? eg. Is it happening only via the API or is there an aspect that affects the admin or storefront as well?
Is this issue occurring when making the call via a different API client like Postman or via a direct CURL call?
Please provide us with some details on a specific example where this occurred in the last 14 days, including:
Timestamp when this occurred
Full HTTP Request Body and Headers (no private keys or access tokens shared)
Full HTTP Response Body and Headers (no private keys or access tokens shared)
if you are unable to provide the full response, please be sure to provide at least the timestamp and the x-request-id from the response headers to help us find the call in our internal logs
Once you’ve gathered the information above, please do reach out via our Shopify Help Center, and our Support Team can help with further troubleshooting.
I hope this helps, and I hope you have a great day