Improve documentation for privateStorefrontToken

[patdx]

I've been developing with Shopify Hydrogen in Cloudflare Workers and it was quite hard to diagnose that my requests were being throttled, because console.log(error) like here, where error is an object and not a plain string, will not show in the Cloudflare logs, so I could not easily see the "Throttled" error message. Once I realized that, I realized the privateStorefrontToken is quite important, but I could not figure out easily how to generate the privateStorefrontToken.

I know there is some documentation here.

• https://shopify.dev/custom-storefronts/hydrogen/deployment#avoid-rate-limiting-in-production
• https://shopify.dev/apps/auth/oauth/delegate-access-tokens

But I could figure out easily which scopes are needed.

My first attempt to generate a token just caused errors. Eventually I decided to copy the list of scopes from my custom development app:

And came up with this Node.js script to generate the token:

import { fetch } from 'undici';

const shop = '{{STORE_NAME_HERE}}';
const adminApiAccessToken = '{{ADMIN_API_TOKEN_HERE}}';

main();

async function main() {
  const result = await fetch(
    `https://${shop}.myshopify.com/admin/access_tokens/delegate.json`,
    {
      method: 'POST',
      headers: {
        'content-type': 'application/json',
        'X-Shopify-Access-Token': adminApiAccessToken,
      },
      body: JSON.stringify({
        delegate_access_scope: [
          'unauthenticated_write_checkouts',
          'unauthenticated_read_checkouts',
          'unauthenticated_read_product_listings',
          'unauthenticated_read_selling_plans',
          'unauthenticated_read_product_inventory',
          'unauthenticated_read_product_pickup_locations',
          'unauthenticated_read_product_tags',
          'unauthenticated_read_customers',
          'unauthenticated_write_customers',
          'unauthenticated_read_customer_tags',
          'unauthenticated_read_content',
        ],
      }),
    }
  ).then((response) => response.json());

  console.log(result);
}

Does this approach seem correct? Did I choose a good list of scopes? It would be great if you could add an easier and clearer way to generate the token to the documentation (like a copy&paste example script) or Shopify CLI, etc.