I am trying to send a POST request using Postman to my app (hosting locally), which use koa-shopify-auth for testing, but it seems like it cannot get pass the auth step as shopify redirect several times to verify a request. I couldn't find any information regarding this issue, and I am not looking for sending request to Shopify API using Postman but sending request to a shopify app that will verify each request.
When I enter https://[MY_APP_LINK]/[MY_ROUTE]
It gives me the response
Expected a valid shop query parameter
How do I send a HTTP request to my shopify app using Postman?
If you are going to send a request to your App and you have no authenticated session, then of course you must include the shop name in your request. How else does your App know who is knocking on the door?
If your App correctly receives the request with the shop name, then it should recognize "hey, dude, I have no authenticated session for this shop". The obvious logic for you to now have in place is taking the shop name and looking it up in your database. If found, you likely stored a nice authentication token to use for sessions, so you fire up a session, and pass on the request to the route. If no shop is found, then you go to the install shop routine you wired up to establish new shops.
Note that none of this has anything to do with Postman, localhost or any networking problems. You just need to architect your incoming calls correctly to avoid your calamity. Obviously Shopify is letting you know you are not quite doing things right.
Thank you for replying! The problem is that I am using koa-shopify-auth to verify if the incoming request is coming from shopify, specifically the verifyRequest () function, which make sense because I do not want anyone to just use my app endpoint to do stuff with the shop. But the way that how the verify function establish an authorized session seems to involved several redirect which will run automatically in browser but not in postman. I assume the correct way to architect incoming call is getting the token after verifyRequest function, but postman cannot pass verifyRequest to get the token...
Postman has zero to do with your problems. It is nothing but a tunnel. All your problems start with your App. You just need to ensure incoming calls are handled correctly and you are good to go. Since you are using someone else's code, study it!
I explained to you the basic flow. It is probably already coded up for you in your App, but you are somehow using the code a little wrong for your purposes. I know nothing of this koa-auth but it sounds like it is pretty well used, so perhaps study their documentation or examples.