True @JazepsBasko - sorry to confuse things. Trying to respond too quickly.

Yep, I am getting the access token from the body in a field called "access_token".

So my related experiences were included to try and fast-track any help I would get from helpful people such as yourself. The documentation kind of hints at the possibility of manually calling the GraphQL and REST API endpoints with credentials to test out the process. 

Am I right in thinking that if I can't do a Curl/Postman request to the endpoints using the access token retrieved previously that there is something either fundamentally wrong with the API endpoint ... or the access token they have returned is being marked as invalid?

Thanks for your help on this

Steve

The documentation regarding this is okay.

You're correct in that you should be able to make this simple request:

GET https://SHOPNAME.myshopify.com/admin/shop.json with just one header - X-Shopify-Access-Token and it should return a nice response.

I just tried making the request with a bad header value and I got an error:

{
"errors": "[API] Invalid API key or access token (unrecognized login or wrong password)"
}

I tried making the request without the header and got the same error.

If the access token hasn't expired yet or it is an offline access token (doesn't expire) then there's nothing stopping you from using it with Postman / Insomnia either.

That is the error I see using the token retrieved through the process discussed - using the header 'X-Shopify-Access-Token'.

How exactly am I meant to debug this without access to the logs? This is crazy.

I sent the response (headers) that I get when an error occurs through to shopify help - but in lieu of them, you know, actually helping .. 

I'm pretty sure you're sending the wrong/expired token. Could it be that you've reinstalled the app on your devstore? I imagine that makes a previously acquired token invalid. Did you specify any access scope when you requested the token? For my in-progress app I request read_products to start with.

99.9% sure the token is still good. However I'll roll the codebase back to last known good and reinstall.

I've requested write_products for the development period.

I'll get back to you when I can document what happens with screengrabs

Cheers

OK @JazepsBasko and @KarlOffenberger

Got app back and running.

Uninstalled and reinstalled app on test store.

Access Token received - weirdly(?) is the same token I have previously been given. Is that because it's the same store and the same app?

Confirmed 401 Unauthorized error when submitting POST to https://{shop}.myshopify.com/admin/shop.json 

with single Header X-Shopify-Access-Token [32 character string]

So I am exactly nowhere on this

Hey, glad you figured it out!