Shouldn't the unauthenticated error and success data be mutually exclusive?

amritms

Hi everyone,
This is my first time working with graphql and waveapps.
I am creating invoice on behalf of other customer.

Steps I followed:
1. Gather customer's token via oauth2/authorize api
2. create customer
3. create product
4. create draft invoice
5. approve draft invoice

While creating customer and product, I can see either errors or data. But while approving draft invoice, I am receiving both errors and data response. I have checked the waveapps, the invoice is actually approved. Why is the errors returned with data?

RobVG

Hi @amritms,

The mutation processing has two steps - mutation itself, and query (what to return after a mutation). The inputErrors are about what went wrong when trying to run the mutation, and the outer errors section is anything else, such as problems fulfilling the query.

In your scenario the mutation has succeeded, indicated by data.invoiceApprove.didSucceed: true.

The error "Action not authorized." has a path field with value ['invoiceApprove', 'invoice', 'items', 0, 'product', 'defaultSalesTaxes']. This is saying that this error occurred when trying to query/fetch the default sales taxes of the first item/product of the invoice. To retrieve sales tax data, the user needs to grant the necessary OAuth scopes of sales_tax:read or sales_tax:*. This would be similar to the scopes requested for the customer, product, and invoice resource.

One additional thing I would add is that I think you are likely fetching extra, unnecessary data as part of each request. For example, a Customer, Product, Sales Tax, Account, Invoice, etc can only ever belong to a single business. As a result, the business.id and business.name will remain the same for all of these entities you are retrieving (you seemed to ask for these fields repeatedly).