HTTP 406 on Fulfillment PUT

Shopify Partner
6 0 0

Hi there,

I'm trying to fulfill an order in our test store and consisteintly getting a HTTP 406 back from the API. This can either be with xml or JSON. I've tried using accept application/json, text/json and */* to no avail. Sadly there is no other information as to what is actually wrong with the request.

The request I am using is sent from Postman. Can anyone shed some light on this?

Accept: application/json

Content-Type: application/json

  "fulfillment": {
    "location_id": 35314374,
    "tracking_numbers": ["CX630381065CA", "1234FD"],
    "tracking_company": "Custom Tracking Company",
    "line_items": [
        "id": 2062631862350
        "id": 2062631895118



Response: empty body

Server →nginx

Date →Fri, 23 Nov 2018 19:57:32 GMT

Content-Type →application/json

Transfer-Encoding →chunked

Connection →keep-alive

X-Sorting-Hat-PodId →77

X-Sorting-Hat-PodId-Cached →1

X-Sorting-Hat-ShopId →17283161

X-Sorting-Hat-PrivacyLevel →default

X-Sorting-Hat-FeatureSet →default

X-Sorting-Hat-Section →pod

X-Sorting-Hat-ShopId-Cached →1

Referrer-Policy →origin-when-cross-origin

X-Frame-Options →DENY

X-ShopId →17283161

X-ShardId →77

X-Stats-UserId →0

X-Stats-ApiClientId →1565669

X-Stats-ApiPermissionId →43273493

X-Shopify-API-Terms →By accessing or using the Shopify API you agree to the Shopify API License and Terms of Use at


X-Shopify-Shop-Api-Call-Limit →1/40

Strict-Transport-Security →max-age=7889238

X-Request-Id →b52227ed-d54a-4b81-88ac-d26b3baa407c

X-Shopify-Stage →production

Content-Security-Policy →default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://* shopify-pos://*; block-all-mixed-content; child-src 'self' https://* shopify-pos://*; connect-src 'self' wss://* https://*; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=error_404&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=admin%2Ferrors&source%5Bsection%5D=admin_api&source%5Buuid%5D=b52227ed-d54a-4b81-88ac-d26b3baa407c

X-Content-Type-Options →nosniff

X-Download-Options →noopen

X-Permitted-Cross-Domain-Policies →none

X-XSS-Protection →1; mode=block; report=/xss-report?source%5Baction%5D=error_404&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=admin%2Ferrors&source%5Bsection%5D=admin_api&source%5Buuid%5D=b52227ed-d54a-4b81-88ac-d26b3baa407c

X-Dc →chi2,gcp-us-east1


Shopify Partner
1867 182 804

Hi Will

Tried same request on an unfulfilled order I had hanging around in dev store an works like a charm. So let's backtrack what may be causing your problem - starting with the obvious

  1. Are you using POST (I sometimes forget to change the verb when copying requests)
  2. Does your app have the necessary read / write permissions set for the fulfillments endpoint
  3. Are the ref'd IDs in your request body fulfillment payload correct

Can't really tell you more than above obvious checks to go through since I cannot reproduce the behavior on my store.

Hope you sort it out soon or someone else chimes in with more suggestions!

Liked this post? You might also like our fantastic upsell apps Candy Rack and Candy Cart or offer free gifts with Gift Box. All made with ❤️  and care by Digismoothie
Shopify Partner
6 0 0

Hi Karl,

Thanks for the prompt reply! 

  1. PUT I've been using, POST gives me a login prompt. 
  2. Orders, transactions and fulfillments is read/write
  3. As for the Ids, I believe so, the order line ids are from the API call from the orders endpoint and the order id is from the admin page. If the location id were incorrect, i'd expect another error about inventory and location being incorrect. 

I'll go through again and see if I can figure something out. At the moment my store is password protected / not open as it's for dev/ testing, I wouldn't expect that to be an issue.

Shopify Partner
1867 182 804

This is an accepted solution.


  1. If you are using PUT it won't work hence the 406. If POST is giving you the login screen, clear cookies (can;t remember in Postman, might be a checkbox somewhere not to send cookies. Any POST sent with cookies will be rejected and you end up at the login screen)
Liked this post? You might also like our fantastic upsell apps Candy Rack and Candy Cart or offer free gifts with Gift Box. All made with ❤️  and care by Digismoothie
Shopify Partner
6 0 0

Hi Karl,

Brilliant. Not 100% sure where Postman picked up those cookies from, but that did the trick. Fulfillment created. Can't thank you enough!


36 0 3

Hi Will,


I'm having this exact same issue except I'm trying to send a PUT request to the product images endpoint. I cleared my cookies in Postman and verified I am no longer sending any but I still get the 406. 


For clearing cookies, do you just click the "cookies" link under the "send" button?

13 1 0

Hello Will,

Am using postman as well, after clearing the cookies also am getting a blank body request.  
Can you confirm me again, how did you clear the cookies ? Thanks

16 1 5

There should be a "cookies" link under the Send button. See attachment.Capture.JPG