Focuses on API authentication, access scopes, and permission management.
I have been following this guide for setting up my app as a fulfillment service
https://shopify.dev/docs/apps/build/orders-fulfillment/fulfillment-service-apps/build-for-fulfillmen...
I find one key point missing; How can I pass X-Shopify-Access-Token header to the api to the following endpoints to make authenticated calls to request and update relevant information?
GET: https://${shopDomain}/admin/api/2024-04/assigned_fulfillment_orders.json
POST: https://${shopDomain}/admin/api/2024-04/fulfillment_orders/${fulfillmentOrderId}/fulfillment_request...
POST: https://${shopDomain}/admin/api/2024-04/fulfillments.json
Since the user is not actively using the app the access token would not be available correct?
The token expires after 24 hours and even if it is stored on our server how would our server have authorized access after that?
Solved! Go to the solution
This is an accepted solution.
Hi,
you have to exchange the session token (which expires) to get an access token (which does not expire). You must store the access token for later use. The whole process is described here and is a pain in the a** to implement. You should use one of the official shopify admin api libraries to do the implementation. But even then, it's not fun, I can tell. Worked myself through this the last days.
All the best,
Michael
This is an accepted solution.
Hi,
you have to exchange the session token (which expires) to get an access token (which does not expire). You must store the access token for later use. The whole process is described here and is a pain in the a** to implement. You should use one of the official shopify admin api libraries to do the implementation. But even then, it's not fun, I can tell. Worked myself through this the last days.
All the best,
Michael
Alternative you can create your Fulfillment Service App as private app and use the API-Secret for authorization.