Using APIs from a different origin/domain

Solved
Highlighted
Shopify Partner
18 1 15

Hence, Shopify throws a CORS error when detecting that you use a browser to send a request to a private API.

This is the answer to your question based on my comment. Storefront API is a public API and Admin API is a private one.

That's exactly why the difference between the APIs was pointed out.

 

Of course, you do not need a backend for Storefront API.

It takes very little time to verify that by sending a simple fetch request from Chrome dev tools console.

 

Aside from that, there is also a library (jsbuysdk) made by Shopify that utilizes Storefront API and is meant for the browser.

You can find more here: https://shopify.github.io/js-buy-sdk/

 

Contact me: mail@nesters.me
Technical solutions / integration / headless ecommerce.
Latest post: Benefits of JAMstack ecommerce
0 Likes
Highlighted
New Member
1 0 0

Hi Nester,

 

My questions are very related to the topic at hand and, although I'm pretty sure it's a few very tiny things that I'm missing, I too am struggling for answers. 

 

My situation is simple: I have an Express server (Node) that can authenticate and call the Shopify admin API without problems when the process is initiated from a client app sitting on the same domain. When I initiate the oAuth flow from a client app sitting on a different domain (i.e. this client calls my secure server and this server attempts to establish contact with Shopify) then I end up with the CORS error described above.

 

I believe this is a reasonable (and possibly even popular) architecture and so it must be something simple I'm missing on my end. 

 

Can you confirm if this is possible and - if so - if an example exists that I can study to see where I'm going wrong? 

 

Hein 

 

0 Likes
Highlighted
New Member
2 0 0

 I am using Storefront API using apollo and get CORS, how to handle that?

0 Likes
Highlighted
Tourist
7 0 2

Surprised that no one yet addressed how people managed work around the CORS issue.

0 Likes
Highlighted
Excursionist
10 0 9

 

 

The actual answer is despite what the docs say, you have to use a middleman server to use Storefront API as well.  You cannot just do it from the frontend like Stripe allows.  So spin up a whole server that just passes messages, folks.  Worry about it silently falling over at checkout, folks.  That's the only way to use this "serverless solution" of a scam product. 

Bottom line, after 2 integrations and endless trouble and even more monthly fees, I can attest, Shopify is a garbage fire built on a garbage framework, run by people who are just swimming in their money bin, don't care and don't answer questions on the forum.  Good F'ing luck.

0 Likes
Highlighted
Shopify Expert
4270 33 437

You're doing it wrong. If you use Storefront API as intended, there is no CORS issue.

Shopify is fundamentally built with the exact same HTTP protocols as all other Internet properties. Shopify is not pushing any unique technology, so comparing it to Stripe as if Stripe is somehow doing Internet computing different or more correct, is plain silly. Once you can do one pattern with one service, you can repeat with any other. oAuth is oAuth, for example. 

It's ok to just say you don't understand, and ask for help. Mostly, you have to learn to help yourself. Like anything worth doing.

 

Custom Shopify Apps built just for you! hunkybill@gmail.com http://www.resistorsoftware.com
Highlighted
Excursionist
10 0 9

 

 

Using it as intended?  I've used it on 2 projects and you need a middle man server to use Storefront API and the docs suck.  Period.

and Stripe.JS allows for client side calls to the stripe.com api, so does google analytics script tag. that's how CORS works, dick. 

You are the expert of a pile of shit.

0 Likes
Highlighted
Shopify Partner
18 1 15

You sure you are not mixing up Storefront API with the GraphQL Admin API?

Storefront API even has a simple library - JS Buy SDK that can be used on any website to implement product catalog / cart functionality with your Shopify store.
You can see an example here: https://jamstack-ecommerce.nesters.me/ 

That's a static Nuxt.js storefront outside of Shopify that is utilizing Storefront API.

GraphQL Admin API rightfully will have CORS issues due to sensitive data that can be exposed if you leave your credentials available to everyone on the internet.

 

Contact me: mail@nesters.me
Technical solutions / integration / headless ecommerce.
Latest post: Benefits of JAMstack ecommerce
0 Likes
Highlighted
Shopify Expert
4270 33 437

Puberty is hitting you hard! I get it though, I had kids, so your 'tude is like water off a ducks back. One day you'll be out of your mom's basement, and perhaps less bitter about things you should be enjoying more.

Custom Shopify Apps built just for you! hunkybill@gmail.com http://www.resistorsoftware.com
0 Likes
Highlighted
Excursionist
10 0 9

 

That's a lot of assumptions Hunky Bill.  It's okay to admit this platform is garbage and ruining e-commerce for developers.

0 Likes