Shopify App Token Error - "Invalid Signature: Possible malicious login" - need HOST

daisyp
New Member
1 0 1

Hi all,

As of April 15th I began to receive an error in my Shopify application which occurred during the request_token method. 

 

 

safe_params = params.permit(:code, :hmac, :shop, :state, :timestamp, :host)

api_key = ENV['SHOPIFY_CLIENT_ID']
client_secret = ENV['SHOPIFY_CLIENT_SECRET']
api_version = '2020-07'
ShopifyAPI::Session.setup(api_key: api_key, secret: client_secret)

session = ShopifyAPI::Session.new(domain: @shop, api_version: api_version, token: @token)
session.request_token(safe_params)

 

 

The error was:

 

 

"Invalid Signature: Possible malicious login - xxx.myshopify.com"

 

 

This error appeared to be caused because the parameters needed for the request_token method at some point changed to require a host parameter. Did the API install requirements recently change to require this host parameter in the request_token method? Is there another more stable solution than to include the host parameter?

Please let me know if you need any other information.

Thank you,

Daisy