Focuses on API authentication, access scopes, and permission management.
I am trying to build a marketplace (sales channel and buyer-facing app). I am using the Remix template for the sales channel, and I am trying to use Postman to obtain products from the Admin API to simulate the buyer-facing app. With Remix the OAuth flow is already set up, and I can see a store name and access token in my database after installing the sales channel on my test store and completing the OAuth flow. Through Postman I am making a request to https://quickstart-2e18dfd3.myshopify.com/admin/api/2021-07/graphql.json and passing the access token from my database through as X-Shopify-Storefront-Access-Token. I am getting a 401 response and a message stating "[API] Invalid API key or access token (unrecognized login or wrong password)".
What am I missing?
Could it be because my test store is password protected due to being in development mode? Does Remix somehow encode or modify the access token before storing it in the database?
Please let me know if I can provide any more details.
Solved! Go to the solution
This is an accepted solution.
The tokens used to access the Storefront API are different from the ones you use for the Admin API (which is the token you get when a Store installs your app).
You can find the details on how to get started with the Storefront API and where to get the token here: https://shopify.dev/docs/custom-storefronts/building-with-the-storefront-api/getting-started
This is an accepted solution.
The tokens used to access the Storefront API are different from the ones you use for the Admin API (which is the token you get when a Store installs your app).
You can find the details on how to get started with the Storefront API and where to get the token here: https://shopify.dev/docs/custom-storefronts/building-with-the-storefront-api/getting-started
Thank you, I was using the wrong token header for Admin API - I didn't realize it was a bit different from Storefront.