Private app basic auth problem 401 in any case.

GrayBlackwhite
New Member
2 0 0

I try to execute simple request using storefront api, such that has been shown in tutorials and "getting started articles".

I've tried to authenticate using several different options:

  1. by url
  2. with Authorization: Basic base64(apikey:password)
  3. with custom header X-Shopify-Access-Token: apikey

But still have 401 response.

There is one request that I used below:

POST https://%mystore%.myshopify.com/admin/api/2020-10/shop.json HTTP/1.1

 

UPD: I used wrong api endpoint.
Host: %mystore%.myshopify.com
User-Agent: GraphQL.Client/3.2.0.0
X-Shopify-Access-Token: 2%myaccesstoken%
traceparent: 00-9a471591195ff944ad0fab31cfaa5db4-5880000947509440-00
Content-Type: application/json; charset=utf-8
Content-Length: 108

{"query":"\r\n shop { id name email }\r\n ","variables":null,"operationName":null}

And the response:

HTTP/1.1 401 Unauthorized
Date: Sat, 19 Dec 2020 14:00:02 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Sorting-Hat-PodId: 180
X-Sorting-Hat-ShopId: 52109148341
Referrer-Policy: origin-when-cross-origin
X-Frame-Options: DENY
X-ShopId: 52109148341
X-ShardId: 180
WWW-Authenticate: Basic Realm="Shopify API Authentication"
Strict-Transport-Security: max-age=7889238
X-Shopify-Stage: production
Content-Security-Policy: default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://* shopify-pos://*; block-all-mixed-content; child-src 'self' https://* shopify-pos://*; connect-src 'self' wss://* https://*; frame-ancestors 'none'; img-src 'self' data: blob: https:; script-src https://cdn.shopify.com https://cdn.shopifycdn.net https://checkout.us.shopifycs.com https://js-agent.newrelic.com https://bam.nr-data.net https://api.stripe.com https://mpsnare.iesnare.com https://appcenter.intuit.com https://www.paypal.com https://js.braintreegateway.com https://c.paypal.com https://maps.googleapis.com https://www.google-analytics.com https://v.shopify.com https://widget.intercom.io https://js.intercomcdn.com 'self' 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=update&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=admin%2Fshops&source%5Bsection%5D=admin_api&source%5Buuid%5D=b701dfad-4abb-4943-8be7-ce78f6253803
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 1; mode=block; report=/xss-report?source%5Baction%5D=update&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=admin%2Fshops&source%5Bsection%5D=admin_api&source%5Buuid%5D=b701dfad-4abb-4943-8be7-ce78f6253803
X-Dc: gcp-us-east1,gcp-us-central1,gcp-us-central1
X-Request-ID: b701dfad-4abb-4943-8be7-ce78f6253803
CF-Cache-Status: DYNAMIC
cf-request-id: 071ce5f0ee00007b733a8d0000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 6041a5c7eacf7b73-DME

59
{"errors":"[API] Invalid API key or access token (unrecognized login or wrong password)"}

Where have I gone wrong?

 

UPD: I used wrong api endpoint. https://%mystore%.myshopify.com/admin/api/2020-10/shop.json

I replaced this url to https://%mystore%.myshopify.com/api/2020-10/graphql.json

And now I receive Forbidden status code.

The question is same )

0 Likes
GrayBlackwhite
New Member
2 0 0

Solved.

0 Likes