Private App basic http get request - 401 Error w/ No 'Access-Control-Allow-Origin'

Highlighted
New Member
13 0 0

Hi,

So basially, I am trying to do a GET request test from the shopify api with my private app's credentials using the following format for related store's data such orders, customers, products, and analytic contents. The credentials will be hidden in the back end. For now, I am just testing the http request base on what the Shopify document gives me.

https://apikey:password@hostname/admin/resource.json

So my problem is that if I paste the link on the browser, it works. When I try to call it on the website, it give me the following error. I am testing this on localhost.

GET https://xxxxxxxxxx.myshopify.com/admin/orders.json 401 (Unauthorized)
No 'Access-Control-Allow-Origin' header is present on the requested resource.

If you can please let me know what I am doing incorrectly, that would be greatly appreciated.

Thank you!

 

0 Likes
Highlighted
Shopify Staff
Shopify Staff
1555 81 284

Hey Zhu!

From what I can understand you're making a cross origin request. If you're making requests from one domain to another, you'll need CORS. I found an article you can go over as a starting point (assuming you're using Javascript): 

https://www.html5rocks.com/en/tutorials/cors/

Cheers.

0 Likes
Highlighted
Shopify Partner
4 0 1

Make sure you are using the shop domain (available in the API - https://help.shopify.com/api/reference/shop) to build your request, otherwise you WILL get CORS errors.

If you blindly use "<shop_name>.myshopify.com" your requests may work on a test store but they will fail if the store uses an actual domain name

0 Likes
Highlighted
Shopify Expert
9978 110 1789

I do have concerns if you're making authenticated requests via the browser (using JS). That could mean that you're passing the auth details in plain text. Are you?

★ Winning Partner of the Build a Business competition. ★ http://freakdesign.com.au
0 Likes
Highlighted
New Member
3 0 0

>If you blindly use "<shop_name>.myshopify.com" your requests may work on a test store but they will fail if the store uses an actual domain name

 

That makes no sense to me. What domain would you use then?

0 Likes