Here is another example below. I can try to include any/all of these parameters in the request body and wind up with the same 400 - Bad Request error in response. The X-Request-Id shown is ac3eebc2-c4c8-4655-b0a0-c7ca73a65a15 so hopefully it can be cross-referenced on the back-end.
POST https://{my-shop}.myshopify.com/admin/api/2020-04/orders/{order_id}/fulfillments.json HTTP/1.1
Content-Type: application/json
Authorization: Basic {access_token}
User-Agent: PostmanRuntime/7.25.0
Accept: */*
Host: {my-shop}.myshopify.com
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Content-Length: 517
{
"fullfillment": {
"location_id": 203128,
"tracking_number": "123456789",
"tracking_numbers": ["123456789"],
"service": "manual",
"tracking_url": "https://shipping.xyz/track.php?num=123456789",
"tracking_urls": ["https://shipping.xyz/track.php?num=123456789"],
"tracking_company": "Jack Black's Pack, Stack and Track",
"receipt": {},
"line_items": [{"id": 5553278779554, "quantity": 1, "variant_id": 31620762828852, "fulfillment_service":"manual" }],
"notify_customer": false
}
}
HTTP/1.1 400 Bad Request
Date: Mon, 15 Jun 2020 14:43:37 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Set-Cookie: __cfduid=da9a42ea5267ba05c401c5f0b5064479d1592232217; expires=Wed, 15-Jul-20 14:43:37 GMT; path=/; domain=.myshopify.com; HttpOnly; SameSite=Lax
X-Sorting-Hat-PodId: 161
X-Sorting-Hat-ShopId: 3036253
Referrer-Policy: origin-when-cross-origin
X-Frame-Options: DENY
X-ShopId: 3036253
X-ShardId: 161
X-Stats-UserId:
X-Stats-ApiClientId: 309925
X-Stats-ApiPermissionId: 8304915
X-Shopify-API-Terms: By accessing or using the Shopify API you agree to the Shopify API License and Terms of Use at https://www.shopify.com/legal/api-terms
HTTP_X_SHOPIFY_SHOP_API_CALL_LIMIT: 1/40
X-Shopify-Shop-Api-Call-Limit: 1/40
X-Shopify-API-Version: 2020-04
Strict-Transport-Security: max-age=7889238
X-Shopify-Stage: production
Content-Security-Policy: default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://* shopify-pos://*; block-all-mixed-content; child-src 'self' https://* shopify-pos://*; connect-src 'self' wss://* https://*; frame-ancestors 'none'; img-src 'self' data: blob: https:; script-src https://cdn.shopify.com https://cdn.shopifycdn.net https://cdn.shopify.cn https://checkout.shopifycs.com https://js-agent.newrelic.com https://bam.nr-data.net https://api.stripe.com https://mpsnare.iesnare.com https://appcenter.intuit.com https://www.paypal.com https://js.braintreegateway.com https://c.paypal.com https://maps.googleapis.com https://www.google-analytics.com https://v.shopify.com https://widget.intercom.io https://js.intercomcdn.com 'self' 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=create&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=admin%2Forders%2Ffulfillments&source%5Bsection%5D=admin_api&source%5Buuid%5D=ac3eebc2-c4c8-4655-b0a0-c7ca73a65a15
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 1; mode=block; report=/xss-report?source%5Baction%5D=create&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=admin%2Forders%2Ffulfillments&source%5Bsection%5D=admin_api&source%5Buuid%5D=ac3eebc2-c4c8-4655-b0a0-c7ca73a65a15
X-Dc: gcp-us-central1,gcp-us-east1,gcp-us-east1
X-Request-ID: ac3eebc2-c4c8-4655-b0a0-c7ca73a65a15
CF-Cache-Status: DYNAMIC
cf-request-id: 035a08a460000003bcf9a69200000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 5a3d10809f8c03bc-ORD
alt-svc: h3-27=":443"; ma=86400
Content-Length: 66
{"errors":{"fulfillment":"Required parameter missing or invalid"}}
