Our Partner & Developer boards on the community are moving to a brand new home: the .dev community forums! While you can still access past discussions here, for all your future app and storefront building questions, head over to the new forums.

Authorization header not sent with fetch from Admin Action Extension

Solved

Authorization header not sent with fetch from Admin Action Extension

minsko
Shopify Partner
28 3 6

I'm  working on an admin.order-details.action.render which needs to make a call to my app.  I'm following the instructions at https://shopify.dev/docs/api/admin-extensions#app-authentication when making the fetch call, but NO Authorization header makes it to my app server.  I have tried the call with both fetch(/path) and fetch(app:/path).  Both of these methods make the request to my app server, but neither send an Authorization header so my app's calls to authenticate.admin(request) fail.

 

Am I missing something? Do authenticated requests only work for blocks and not actions?

Accepted Solution (1)
minsko
Shopify Partner
28 3 6

This is an accepted solution.

I am not sure what happened, but now I am getting the header.

View solution in original post

Replies 4 (4)

minsko
Shopify Partner
28 3 6

FYI to test, I changed my action to a block and still do not get the Authorization header passed.

minsko
Shopify Partner
28 3 6

This is an accepted solution.

I am not sure what happened, but now I am getting the header.

ishaanshettigar
Shopify Partner
7 0 1

Is there a way to manually manage session tokens in the admin action/block extensions? I am trying to hit a server of mine that is not my app server, so to authenticate, I need to. have the session token. I don't see any API to getSessionToken from within admin-ui-extensions, can you offer some insights into this?

Ishaan

PeakBrick
Shopify Partner
2 0 0

The issue is that Shopify fetch will not attach an Authorization header to an end point that is not using HTTPS
So ensure whatever end point ( URL ) you are making a request to using fetch is HTTPS so Shopify interceptor can add the Authorization header