ActiveResource::ForbiddenAccess (Failed. Response code = 403. Response message = Forbidden.)

4 0 0

I wanted to get a list of orders, and I developed the following code on home_controller, but I got an error.

スクリーンショット 2019-05-18 19.34.12.png


The error log is here.


2019-05-18T10:28:56.331148+00:00 heroku[web.1]: Starting process with command `bin/rails server -p 39246 -e production`
2019-05-18T10:29:02.881368+00:00 app[web.1]: => Booting Puma
2019-05-18T10:29:02.881396+00:00 app[web.1]: => Rails 5.2.3 application starting in production
2019-05-18T10:29:02.881397+00:00 app[web.1]: => Run `rails server -h` for more startup options
2019-05-18T10:29:05.675517+00:00 heroku[web.1]: State changed from starting to up
2019-05-18T10:29:05.594687+00:00 app[web.1]: Puma starting in single mode...
2019-05-18T10:29:05.594738+00:00 app[web.1]: * Version 3.12.1 (ruby 2.6.1-p33), codename: Llamas in Pajamas
2019-05-18T10:29:05.594740+00:00 app[web.1]: * Min threads: 5, max threads: 5
2019-05-18T10:29:05.594741+00:00 app[web.1]: * Environment: production
2019-05-18T10:29:05.595441+00:00 app[web.1]: * Listening on tcp://
2019-05-18T10:29:05.595647+00:00 app[web.1]: Use Ctrl-C to stop
2019-05-18T10:29:17.071195+00:00 app[web.1]: I, [2019-05-18T19:29:17.070996 #4]  INFO -- : [3de78d55-69a1-40a7-858e-1024c2967525] Started GET "/home/index_order" for at 2019-05-18 19:29:17 +0900
2019-05-18T10:29:17.073049+00:00 app[web.1]: I, [2019-05-18T19:29:17.072981 #4]  INFO -- : [3de78d55-69a1-40a7-858e-1024c2967525] Processing by HomeController#index_order as HTML
2019-05-18T10:29:17.216004+00:00 app[web.1]: D, [2019-05-18T19:29:17.215848 #4] DEBUG -- : [3de78d55-69a1-40a7-858e-1024c2967525]   Shop Load (1.9ms)  SELECT  "shops".* FROM "shops" WHERE "shops"."id" = $1 LIMIT $2  [["id", 1], ["LIMIT", 1]]
2019-05-18T10:29:17.622786+00:00 heroku[router]: at=info method=GET path="/home/index_order" host=[shop_name] request_id=3de78d55-69a1-40a7-858e-1024c2967525 fwd="" dyno=web.1 connect=0ms service=587ms status=500 bytes=1827 protocol=https
2019-05-18T10:29:17.620281+00:00 app[web.1]: I, [2019-05-18T19:29:17.620150 #4]  INFO -- : [3de78d55-69a1-40a7-858e-1024c2967525] Completed 500 Internal Server Error in 547ms (ActiveRecord: 41.4ms)
2019-05-18T10:29:17.621075+00:00 app[web.1]: F, [2019-05-18T19:29:17.620995 #4] FATAL -- : [3de78d55-69a1-40a7-858e-1024c2967525]
2019-05-18T10:29:17.621171+00:00 app[web.1]: F, [2019-05-18T19:29:17.621099 #4] FATAL -- : [3de78d55-69a1-40a7-858e-1024c2967525] ActiveResource::ForbiddenAccess (Failed.  Response code = 403.  Response message = Forbidden.):
2019-05-18T10:29:17.621251+00:00 app[web.1]: F, [2019-05-18T19:29:17.621175 #4] FATAL -- : [3de78d55-69a1-40a7-858e-1024c2967525]
2019-05-18T10:29:17.621366+00:00 app[web.1]: F, [2019-05-18T19:29:17.621260 #4] FATAL -- : [3de78d55-69a1-40a7-858e-1024c2967525] app/controllers/home_controller.rb:14:in `index_order'




def index_order
    shop_url = "https://[API key]:[API secret key]" = shop_url
    shop = ShopifyAPI::Shop.current

    @orders = ShopifyAPI::Order.find(:all, params: { limit: 10 })
    render 'index', formats: 'json', handlers: 'jbuilder'


Rails.application.routes.draw do
  root :to => 'home#index'
  mount ShopifyApp::Engine, at: '/'

  get 'home/index_order'


ShopifyApp.configure do |config|
  config.application_name = "My Shopify App"
  config.api_key = "API_Key"
  config.secret = "API_Secret_Key"
  config.old_secret = "<old_secret>"
  config.scope = "read_products, read_orders, write_orders, read_fulfillments, write_fulfillments, read_shipping, write_shipping" # Consult this page for more scope options:
  config.embedded_app = false
  config.after_authenticate_job = false
  config.api_version = "2019-04"
  config.session_repository = Shop



Please let me know how to solve the error. 

4 0 0

Could anyone help me?

Shopify Partner
9 1 0

Not sure if youfigured it out yet but I may have a similar issue


I think our issues lye with our ruby version


I'm using 2.5.2 which allows a lot but I am unable to start a session, or at least finish the process?, with existing tokens and domains.


Check my post reply, I am testing this shortly with 2.4.5