Shopify App Token Error - "Invalid Signature: Possible malicious login" - need HOST

New Member
1 0 1

Hi all,

As of April 15th I began to receive an error in my Shopify application which occurred during the request_token method. 



safe_params = params.permit(:code, :hmac, :shop, :state, :timestamp, :host)

client_secret = ENV['SHOPIFY_CLIENT_SECRET']
api_version = '2020-07'
ShopifyAPI::Session.setup(api_key: api_key, secret: client_secret)

session = @shop, api_version: api_version, token: @token)



The error was:



"Invalid Signature: Possible malicious login -"



This error appeared to be caused because the parameters needed for the request_token method at some point changed to require a host parameter. Did the API install requirements recently change to require this host parameter in the request_token method? Is there another more stable solution than to include the host parameter?

Please let me know if you need any other information.

Thank you,