Server side authorization fails for API request which it works in Postman

Solved
Excursionist
32 4 1

I'm trying to retrieve the shop's metafields and I can do so with Postman and through the URL for basic authorization: 

https://{username}:{password}@{shop}.myshopify.com/admin/api/{api-version}/{resource}.json

However when I try to make the call from the server I'm constantly getting 400 errors or a message

{"errors":"[API] Invalid API key or access token (unrecognized login or wrong password)"}

I've tried using my public API key and secret key, my private API key and secret, swapping the two url's I have in the code, hard coding the same access token from the Postman request and I keep getting the invalid API key or access token error. This is a public app that I'd like to use on multiple client stores so I don't think the private API information is the way to go and using the public API information in the browser works just fine but when I attempt to curl through basic authorization or create the request server side it fails. 

 

My code: 

// pages/add-product.js
componentDidMount(){                                                                                       
  axios.get('/productMetafields')
  .then(res => {
console.log(res);
  })
  .catch(err => {
    console.log(err);
  });
}

//server.js
router.get('/productMetafields', verifyRequest(), async (ctx) => {
  const { shop, accessToken } = ctx.session;
  const url = 'https://'+shop+'/admin/metafields.json';
  //const url = 'https://'+SHOPIFY_API_KEY+':'+SHOPIFY_API_SECRET_KEY+'@'+shop+'/admin/metafields.json';
  var options = {
    "method": "GET",
    "headers": {
      "Content-Type": "application/json",
      "X-Shopify-Access-Token": SHOPIFY_API_SECRET_KEY,
    }  
  };
  var req = http.request(url, options, function (res) {
    var chunks = [];
    res.on("data", function (chunk) {
      chunks.push(chunk);
    });
    res.on("end", function () {
      var body = Buffer.concat(chunks);
      console.log(body.toString());
    });
  });
  req.end();
});

 

Your guidance would be much appreciate, auth is constantly tripping me up on this app.

You are phoenix
0 Likes
Highlighted
Excursionist
32 4 1

I was hoping to PM @scottydont but I've reached my pm limit for the day even though it was to be my first one... Odd but hopefully someone in the general community has seen and solved this issue before.

You are phoenix
0 Likes
Highlighted

Success.

Excursionist
32 4 1

I am a dunce... turns out I had what I needed to authenticate the call I just wasn't passing it...

 

Modified code:

router.get('/productMetafields', verifyRequest(), async (ctx) => {¬
  const { shop, accessToken } = ctx.session;¬
  const url = 'https://'+shop+'/admin/metafields.json';¬
  //const url = 'https://'+SHOPIFY_API_KEY+':'+SHOPIFY_API_SECRET_KEY+'@'+shop+'/admin/metafields.json';¬
  var options = {¬
    "method": "GET",¬
    "headers": {¬
      "Content-Type": "application/json",¬
      "X-Shopify-Access-Token": accessToken,¬                                                                       
    }¬
  };¬
··¬
  var req = http.request(url, options, function (res) {¬
    var chunks = [];¬
··¬
    res.on("data", function (chunk) {¬
      chunks.push(chunk);¬
    });¬
··¬
    res.on("end", function () {¬
      var body = Buffer.concat(chunks);¬
      console.log(body.toString());¬
    });¬
  });¬
··¬
  req.end();¬
});¬

It's the accessToken the API wants, not the app key or secret key and while my Postman had the access token within it I wasn't making the connection when switching it over to the server. Now when I run the script I see my metafields logged.

You are phoenix
0 Likes