Embedded Public App: Node backend: Authenticated OK, Access Token received. Immediately invalid

Solved
Shopify Partner
26 1 5

You mention sending API secret in your original post under "And further, possibly relevant experience:" Those are all incorrect usages for a public app, I think. That's how you do when you have a private app.

 

Yes, you are correct that the secret is used to acquire the access token.

 

Now in your last post you say something that you just phrased unfortunately or you're mistaken: "But I am certain that I acquired the access token from the X-Shopify-Access-Token that is returned when POSTing to ...". You are not acquiring anything from "X-Shopify-Access-Token" - it's not actually being sent to you. You acquire the token from the JSON body response of that request, the field is called "access_token". Just double check you're doing it, request the token again (it doesn't hurt), try again.

0 Likes
Shopify Partner
15 1 4

True @JazepsBasko - sorry to confuse things. Trying to respond too quickly.

Yep, I am getting the access token from the body in a field called "access_token".

 

So my related experiences were included to try and fast-track any help I would get from helpful people such as yourself. The documentation kind of hints at the possibility of manually calling the GraphQL and REST API endpoints with credentials to test out the process. 

Am I right in thinking that if I can't do a Curl/Postman request to the endpoints using the access token retrieved previously that there is something either fundamentally wrong with the API endpoint ... or the access token they have returned is being marked as invalid?

 

Thanks for your help on this

Steve

0 Likes
Shopify Partner
26 1 5

The documentation regarding this is okay.

 

You're correct in that you should be able to make this simple request:

GET https://SHOPNAME.myshopify.com/admin/shop.json with just one header - X-Shopify-Access-Token and it should return a nice response.

 

I just tried making the request with a bad header value and I got an error:

{
"errors": "[API] Invalid API key or access token (unrecognized login or wrong password)"
}

 

I tried making the request without the header and got the same error.

 

0 Likes
Shopify Partner
1838 173 574

If the access token hasn't expired yet or it is an offline access token (doesn't expire) then there's nothing stopping you from using it with Postman / Insomnia either.

I turn coffee in to code - since 1998
0 Likes
Shopify Partner
15 1 4

That is the error I see using the token retrieved through the process discussed - using the header 'X-Shopify-Access-Token'.

 

How exactly am I meant to debug this without access to the logs? This is crazy.

I sent the response (headers) that I get when an error occurs through to shopify help - but in lieu of them, you know, actually helping .. 

 

 

0 Likes
Shopify Partner
26 1 5

I'm pretty sure you're sending the wrong/expired token. Could it be that you've reinstalled the app on your devstore? I imagine that makes a previously acquired token invalid. Did you specify any access scope when you requested the token? For my in-progress app I request read_products to start with.

0 Likes
Shopify Partner
15 1 4

99.9% sure the token is still good. However I'll roll the codebase back to last known good and reinstall.

 

I've requested write_products for the development period.

 

I'll get back to you when I can document what happens with screengrabs

 

Cheers

0 Likes
Shopify Partner
15 1 4

OK @JazepsBasko and @KarlOffenberger

 

Got app back and running.

Uninstalled and reinstalled app on test store.

Access Token received - weirdly(?) is the same token I have previously been given. Is that because it's the same store and the same app?

 

Confirmed 401 Unauthorized error when submitting POST to https://{shop}.myshopify.com/admin/shop.json 

with single Header X-Shopify-Access-Token [32 character string]

 

So I am exactly nowhere on this

0 Likes

Success.

Shopify Partner
15 1 4

It seems there is something hinkey. The access token remained the same across uninstalls - which would obviously mean it was invalid.

The documentation mentioned that if the scopes changed then a new access token would be required. So I changed the scopes, reinstalled. Bingo. Works.

 

Thanks for all your help @JazepsBasko and @KarlOffenberger without you to validate what I was doing I might not have got to this point.

@Shopify thanks for nothing

 

Cheers

Steve

1 Like
Shopify Partner
1838 173 574

Hey, glad you figured it out!

I turn coffee in to code - since 1998
0 Likes