PUT Asset API returning 200 OK and html Continue/Login response

Shopify Partner
1 0 0



So I've scoured the forums here, Google results, SO, etc. in search of a solution to the title and yes I found very related topics but all of them essentially say to make the HTTP request without cookies.


I'm spinning up a little react/node/next app from the provided tutorial that directs developers to utilize the Koa Shopify Auth middleware library. This is all fine and dandy for initial install, webhook registration, etc. and I can also perform a GET against the Asset I am looking for, however, the PUT fails.


For context, I am looking to make changes to the config files of a theme.


To save some time, here's one of the X-Request-Id(s) I've captured: 4f748128-b05a-437b-894d-909ce002ccef


I've created the basic prototype application which exposes a PUT route in the server.js file which wraps a fetch call to https://SHOP/admin/api/2020-01/#{theme_id}/assets.json and appends two headers, the X-Shopify-Access-Token and the Content-Type and yet the response is consistently 200 OK and the following body:


      <a href="https://app.shopify.com/services/login/identity?destination_uuid=800d520a-a93b-4b51-b7dd-ddff0618ed51&amp;enforce_merge=true&amp;merge_ignore_postponed=false&amp;prompt=merge&amp;return_to=https%3A%2F%2Fapp.shopify.com%2Fservices%2Flogin%2Fidentity_callback%3Ffrom_signup%3Dfalse%26locale%3Den%26shop_name%3DSHOPNAME%26state%3DNNBmxh5kWNOGcwHV-PHpDUDyj2kpt3Z8jG4pJvNU2cXFmrmERZ89uGmw_l5F10ZCI5C4Ngxfez_YlYcanBHEAyaglQF8B28tQQ_hgHmLd3aZ6MqFcPAgMgGa9RfI8XbI2hsZ5VHMyxyrHsyVHYCpIiUQieP5fSXlsbsjCuM3WXbytZUoGHJQ9YecADemEdf6ydryDXqlSk0icAVv8gez_TyeHeKdzAxdAyP7LVdbO6M%253D&amp;ui_locales=en&amp;ux=shop">Continue</a>

    <script type="text/javascript">
      window.location = "https:\/\/app.shopify.com\/services\/login\/identity?destination_uuid=800d520a-a93b-4b51-b7dd-ddff0618ed51\u0026enforce_merge=true\u0026merge_ignore_postponed=false\u0026prompt=merge\u0026return_to=https%3A%2F%2Fapp.shopify.com%2Fservices%2Flogin%2Fidentity_callback%3Ffrom_signup%3Dfalse%26locale%3Den%26shop_name%3DSHOPNAME%26state%3DNNBmxh5kWNOGcwHV-PHpDUDyj2kpt3Z8jG4pJvNU2cXFmrmERZ89uGmw_l5F10ZCI5C4Ngxfez_YlYcanBHEAyaglQF8B28tQQ_hgHmLd3aZ6MqFcPAgMgGa9RfI8XbI2hsZ5VHMyxyrHsyVHYCpIiUQieP5fSXlsbsjCuM3WXbytZUoGHJQ9YecADemEdf6ydryDXqlSk0icAVv8gez_TyeHeKdzAxdAyP7LVdbO6M%253D\u0026ui_locales=en\u0026ux=shop";

My request body builds up the required "asset" object defined in the API docs:


  "asset": {
    "key": "templates/index.liquid",
    "value": "<img src='backsoon-postit.png'><p>We are busy updating the store for you and will be back within the hour.</p>"


... as you can see in this code, where the value is just a JSON object in another file


let body = JSON.stringify({
				asset: {
					key: 'config/settings_data.json',
					value: require('./settings_data_new.json')
			// console.log(body);
			const results = await fetch(
				'https://' +
					ctx.cookies.get('shopOrigin') +
					//credentials: 'omit',
					headers: {
						'X-Shopify-Access-Token': ctx.session.accessToken,
						'Content-Type': 'application/json'
					// cookies: 'none',
					method: 'PUT',
					body: body
			).then(response => {
				console.log(response.status, response.statusText);
				response.text().then(t => console.log(t));

For debugging purposes, I've had to resolve the promise in a more ambiguous manner as you can see at the end. Further, I've tried to play with the options of the Fetch request, even going as far as removing those headers altogether, to prevent cookies from somehow being included and still no luck.


Any ideas on this?


Thanks for reading, hope you're all socially distant and healthy :) 




Shopify Partner
3 0 0


We make apps to make your life easier...