Hi @F3D ,

If you are using a private app, you do not need to follow the OAuth process at all. A private app does not need to be (and cannot be) installed on a store, and a private app can have any access scopes and permission granted to it at any time through the Shopify store Admin --> Apps setting page.

In order to authenticate a private app with the Shopify Admin API, all you need to do is use Basic Auth with your private app's username and password (e.g. GET https://{username}:{password}@{shop}.myshopify.com/admin/api/2020-04/shop.json) or set the "X-Shopify-Access Token" header to the value of your private app's password.  Read this document for more information: https://shopify.dev/tutorials/authenticate-a-private-app-with-shopify-admin

@hassain 

thanks for taking the time to come back to me.

I would like to point out that i am using a custom app, so i created this app as Shopify partner and i m trying to access a store X.

It used to work before, it does not work anymore. I have found the docs a bit confusing on the OAUTH process.

can you help me understand what to do after calling this OAUTH Link?

function appLink() {
  var api_key = 'xxx';
 var secretkey='xx';

  var nonce=makeNonce(5) 
  
  
  
var redirectURI= "http://localhost/install.php"
     var data= {"client_id":api_key,
                "client_secret": secretkey}
    
  var payload= JSON.stringify(data)
  var options = {
       method : "GET",
    "contentType": "application/json",
    "payload": payload
      }
  var url= "https://{storeName}.myshopify.com/admin/oauth/authorize?client_id="+api_key+"&scope=read_orders&redirect_uri="+redirectURI+"&state="+nonce+"&grant_options[]=offline_mode"


  var mytoken = UrlFetchApp.fetch(url,options); 
Logger.log(mytoken)
  return mytoken;
  
}

This code logs for me the HTML page that redirects me to the login however it does not return any api access token, which is what i used to do.

Can you advise on how to proceed?

Thanks for your help

Hi @F3D ,

I am not sure if the logic in your code base is fully correct in retrieving the access token. I see from your code that you are getting the access token ("mytoken") by simply sending the user to the  Shopify oauth authorize page ("UrlFetchApp.fetch(url,options)"), which is skipping a few steps in our OAuth workflow. 

In general, the OAuth workflow works like this:

1. Send the user to the Shopify OAuth authorize page (https://{shop}.myshopify.com/admin/oauth/authorize?) and pass along your app info, scopes requested, and redirect URL as query parameters. From your code snippet, I can see that you are doing this. Please ensure that your redirect URL is the same URL you whitelisted in your App Setup on the Shopify Partners dashboard.  
2. Once the user goes to the Shopify OAuth authorize page and clicks the Install button, they will go to the redirect URL you specified in step 1. When they go to the redirect URL, they will have an additional query parameter of the 'Authorization Code'. You need to record this Authorization Code from the query parameter and save it in your app
3. Send a POST request to `https://{shop}.myshopify.com/admin/oauth/access_token` and in the body send the parameters of your app's client ID, client secret, and the Authorization Code from step 2.  From the response of this you will now have your Access Token.

If you are using Javascript, an additional solution I would recommend is use the Node.js package `koa-shopify-auth` (https://www.npmjs.com/package/@shopify/koa-shopify-auth). This is middleware that will automatically handle the entire OAuth workflow for your app, so you do not need implement all these steps yourself 

thanks again @hassain .

to answer your question:

"Send the user to the Shopify OAuth authorize page (https://{shop}.myshopify.com/admin/oauth/authorize?) and pass along your app info, scopes requested, and redirect URL as query parameters. From your code snippet, I can see that you are doing this. Please ensure that your redirect URL is the same URL you whitelisted in your App Setup on the Shopify Partners dashboard.  " I am doing this, the redirect uri is on localhost though is that problem?

2."they will have an additional query parameter of the 'Authorization Code'. You need to record this Authorization Code from the query parameter and save it in your app" I think i went through it but no auth code was given.

3. I will try that.

I am using Appscript in Gsheet at the moment, does the aouth flow needs to happen with Get or Post method? i have read different things.

When i run the function it returns me a html code ( i print in the console of g sheet) that does not load in my local host (point 1 above), so it does not load as page view. Do you know why this is happening? i whitelisted the link.

Thanks

Ah yes, I do not believe redirecting to localhost will work. Even if you whitelist localhost in your Shopify Partner Dashboard

You can use a service like ngrok, which is an HTTP tunnel service that will expose your localhost to the public web: https://ngrok.com/

Here is information on a Shopify tutorial that explains how to use ngrok: https://shopify.dev/tutorials/build-a-shopify-app-with-node-and-react/embed-your-app-in-shopify

Hello Hassain,

I am also not able to run api's my clients are angry with me.

I had posted on form link https://community.shopify.com/c/Shopify-APIs-SDKs/API-connection-issue-Connection-reset-by-peer-in-c...

But did not got any help from anywhere till now.

Can you please check that thread also once. May be you will get some hints for solution of my problem.

Thank you very much