Basic GET failing

Solved
ChdSoftware
New Member
2 0 1

Trying just basic request to API and keep getting status of "401 Unauthorized" and response is

"errors""[API] Invalid API key or access token (unrecognized login or wrong password)"
 
Was wondering if someone had any ideas?
 
Thanks!
 

Was following 

https://help.shopify.com/en/api/getting-started/making-your-first-request

and using Postman so this

https://help.shopify.com/en/api/guides/using-postman

For those not familiar with Postman - it's a simple tool that allows you to quickly and easily test requests and see the response.

I've tried putting username and password in URL, tried putting it in Postman Request, tried putting it in Collection Authentication .  

I have created a new API secret key and same error.

I am using GET method and URL is

https://chd-test-store-01.myshopify.com/admin/api/2020-01/shop.json

 

Request going out to shopify is (captured using Fiddler):

GET https://chd-test-store-01.myshopify.com/admin/api/2020-01/shop.json HTTP/1.1
Content-Type: application/json
Authorization: Basic ZGVmNWM2MGFjNjNkZTg2OTM4MjkyYjU4ZDllNTljMjM6M2UzMGM4YzJhZTEzZjU0OWViMjY1N2MxMjFhYTMwZjk=
User-Agent: PostmanRuntime/7.21.0
Accept: */*
Cache-Control: no-cache
Postman-Token: cee61bba-36af-4ae8-8356-9a8b3cbd37ef
Host: chd-test-store-01.myshopify.com
Accept-Encoding: gzip, deflate
Connection: close

 

Response was (captured using Fiddler)

HTTP/1.1 401 Unauthorized
Date: Fri, 03 Jan 2020 16:48:23 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: __cfduid=d0ec7ac4ff57c4d1b2186a95d72b817d71578070103; expires=Sun, 02-Feb-20 16:48:23 GMT; path=/; domain=.myshopify.com; HttpOnly; SameSite=Lax
X-Sorting-Hat-PodId: 135
X-Sorting-Hat-ShopId: 29422878856
Referrer-Policy: origin-when-cross-origin
X-Frame-Options: DENY
X-ShopId: 29422878856
X-ShardId: 135
WWW-Authenticate: Basic Realm="Shopify API Authentication"
Strict-Transport-Security: max-age=7889238
Set-Cookie: _secure_admin_session_id_csrf=070b7138f8a15ac38cafa8413bb8ddd8; path=/admin; expires=Fri, 03 Apr 2020 16:48:23 -0000; secure; HttpOnly; SameSite=Lax
X-Request-Id: 43a1fad4-bc0f-4b19-a89b-f7942c69315f
X-Shopify-Stage: production
Content-Security-Policy: default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://* shopify-pos://*; block-all-mixed-content; child-src 'self' https://* shopify-pos://*; connect-src 'self' wss://* https://*; frame-ancestors 'none'; img-src 'self' data: blob: https:; script-src https://cdn.shopify.com https://cdn.shopify.cn https://checkout.shopifycs.com https://js-agent.newrelic.com https://bam.nr-data.net https://api.stripe.com https://mpsnare.iesnare.com https://appcenter.intuit.com https://www.paypal.com https://js.braintreegateway.com https://c.paypal.com https://maps.googleapis.com https://www.google-analytics.com https://v.shopify.com https://widget.intercom.io https://js.intercomcdn.com 'self' 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=show&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=admin%2Fshops&source%5Bsection%5D=admin_api&source%5Buuid%5D=43a1fad4-bc0f-4b19-a89b-f7942c69315f
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 1; mode=block; report=/xss-report?source%5Baction%5D=show&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=admin%2Fshops&source%5Bsection%5D=admin_api&source%5Buuid%5D=43a1fad4-bc0f-4b19-a89b-f7942c69315f
X-Dc: gcp-us-central1,gcp-us-central1
set-cookie: _secure_admin_session_id=070b7138f8a15ac38cafa8413bb8ddd8; path=/admin; expires=Fri, 03 Apr 2020 16:48:23 -0000; secure; HttpOnly
CF-Cache-Status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 54f675c28ce1cf00-IAD

59
{"errors":"[API] Invalid API key or access token (unrecognized login or wrong password)"}
0

 

0 Likes
Vellir
Shopify Partner
132 29 33

This is an accepted solution.

Hi ChdSoftware,

 

Just double checking, are you using your store's private API key as username when trying the Basic Auth method?

 

Step 4 of the instructions say:

In the Username and Password fields, enter your store's private API key and password respectively.

- Yes, we build Shopify Apps. Hit me with your idea: https://vellir.tech
- Let customers preview your products and easily add them to cart with Peek Mode
- Add free, good looking social share icons with built-in analytics to your store with Share Lab
- Manage your new arrivals with Newr
0 Likes
ChdSoftware
New Member
2 0 1

Thank you  for jogging my thought process and helping me discover the solution.  Documenting here so that hopefully it helps someone else

 

In https://partners.shopify.com I had created the app.  Under apps - there was my app, I clicked on my app and it gave me the API key and secret.  That is NOT the right key and secret. 

 

You need to create a test store.  Then log into that development store.  In my case the store URL is https://chd-test-store-01.myshopify.com

Once in that store - click apps and create a private app.  Fill in "Private app name" and "Emergency developer email" a new API key and secret will be created in the Apps section of the development store.  Now it works as expected.

 

Thank you 

Not sure I explained it correctly - but hope this helps someone else understand "the other API key and secret" 

rsfxiii
Tourist
24 0 1

Shopify should clear this credentials confusion up with more detailed documentation of the differing development flows and their locations within Shopify. The documentation would lead you to think the incorrect credentials are appropriate for this use-case. It's what led me here, and apparently you as well.

0 Likes