400 Bad request on requesting access_token

James_Haswell
Tourist
17 0 2
                HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create("https://" + swiz.storeName + ".myshopify.com/admin/oauth/access_token");
                
                request.Method = "POST";
                request.ContentType = "application/x-www-form-urlencoded"; //"application/json"; //
                request.Accept = "application/json";
                request.Headers.Add("Cache-Control", "max-age=0");
                request.ContentLength = data.Length;

 

Not sure what I'm doing wrong. Any help appreciated. I've been beating my head against the wall for weeks trying to get this to work.

Installed sucessfullly, received auth token... :\

0 Likes
Alex
Shopify Staff
Shopify Staff
1555 81 294

Are you posting a body at all? What does it look like? Do you have a request-id you can share? Those are provided in response headers.

0 Likes
James_Haswell
Tourist
17 0 2

More code that includes setting the body data:

 

string result = null;

                string stringData = "client_id=" + swiz.clientID + "&client_secret=" + swiz.client_secret + "&code=" + swiz.authToken;
                var data = Encoding.ASCII.GetBytes(stringData); // or UTF8

                // Create a request for the URL.  
                HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create("https://" + swiz.storeName + ".myshopify.com/admin/oauth/access_token");
                
                request.Method = "POST";
                request.ContentType = "application/x-www-form-urlencoded"; //"application/json"; //
                request.Accept = "application/json";
                request.Headers.Add("Cache-Control", "max-age=0");
                request.ContentLength = data.Length;

                var newStream = request.GetRequestStream();
                newStream.Write(data, 0, data.Length);
                newStream.Close();

request id: "5b2d0b53-55ac-4443-b0e6-53fade27ceec"

0 Likes
Alex
Shopify Staff
Shopify Staff
1555 81 294

I'm not super familiar with your language/framework, but it looks like you're posting your parameters in the URI rather than in a JSON body. I can replicate this issue in Ruby like so:

# POST with parameters in URI with an empty body
response = Net::HTTP.post(URI("https://#{shop_name}/admin/oauth/access_token?client_id=#{API_KEY}&client_secret=#{API_SECRET}&code=..."), {}.to_json, "Content-Type"=>"application/json")

When I include my parameters in the body instead, I'm successful:

# POST with parameters in JSON body rather than URI
response = Net::HTTP.post(URI("https://#{shop_name}/admin/oauth/access_token"), {client_id: API_KEY, client_secret: API_SECRET, code: code}.to_json, "Content-Type"=>"application/json")

This is a better practice anyway, since posting credentials in URI parameters is insecure.

That's based on what I see. Again, I don't fully understand your HttpWebRequest object enough to know the intricacies of how it works.

Hope that helps.

0 Likes
James_Haswell
Tourist
17 0 2

no, it's in the body, but maybe it's not formatted right. 

 

I'm referring to a couple posts:

https://stackoverflow.com/questions/4256136/setting-a-webrequests-body-data

https://stackoverflow.com/questions/9145667/how-to-post-json-to-the-server

 

gotta head off, but I'll check that later and post my findings.

 

Thanks

James

looks like my calls are right, but the data formatting might not be in JSON

0 Likes
James_Haswell
Tourist
17 0 2

Still no go

 

request ID = "b0159615-d29e-48a7-ad7b-e821868768bd"

0 Likes
Adam_Dabbracci
Shopify Partner
3 0 1

Late to the party here but I had the same issue using Javascript's Fetch API. You need to stringify your body, which seems... weird.

fetch(`https://YOURSHOP.myshopify.com/admin/oauth/access_token`, {
body: JSON.stringify({
client_id: process.env.API_KEY,
client_secret: process.env.API_SECRET,
code: event.queryStringParameters.code,
}),
0 Likes