API returns 401 Unauthorized

2 0 0

We have several shopify stores we access each with our API, the same API fails for one store with error 401 unauthorized.   I have recreated the issue with a simple CURL api  in postman.  I got one that works with store A and the changed the store subdomain and token and it fails.   I ensured a dozen times that the u/p that compromise the token are accurate.   The store admin screens have a bit of a different look and I understand that the apps are now custom instead of private (with seamless transition).


Is there anything in the store configuration that I need to double check?   Is there something else to do to drill down on this issue?


Here is the curl, with the shop and the token altered.  


curl --location --request GET 'https://myshop.myshopify.com/admin/locations.json' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic NDE2OTBjMDNiYTg2ODk3KJDLKFJDKLFJHjE5NzExOGY6c2hwc3NfYTliNmJmYTIyYmUyZDMyYWFlNTNmODRhZWY0ZTNmNmU='



Replies 14 (14)

Shopify Staff
249 42 36

Hey @goNorth,
A 401 error response from our API generally refers to incorrect or missing authentication being sent with a request. I found your other post mentioning the change from using private to custom apps and just wanted to touch base here.

There are a few new docs, the first covers working with custom apps in the Shopify Admin, and specifically focuses on admin settings, setup, install and uninstall, scope access, deletion, etc. The other focuses on authentication and access tokens. 

I was able to do some testing and my first suggestion for troubleshooting would be rotating credentials for the app, which may require contacting the merchant if you don't have a collaborator account with the Develop Apps permission.

After following those resources if the error proceeds and you feel there is a bug, please provide an x-request-id value returned in the response header along with the error - you can do this by adding either the -v or -i argument to a cURL request, or found in many API client's response header tab.

At this time, our team is unable to authenticate to locate accounts related details via these community forums, however the details mentioned above help us locate logs, share insights, or provide suggestions moving forward.

I will keep an eye out here - Cheers

awwdam | API Support @ Shopify
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution
- To learn more visit Shopify.dev or the Shopify Web Design and Development Blog

Shopify Partner
9 0 4


I'm doing the same thing as goNorth and getting a 401 error. Below is the code:

url = 'https://<shopname>.myshopify.com/admin/api/2022-01/products/count.json'
header = {
                'X-Shopify-Storefront-Access-Token': <access_token>,
r = requests.get(urlheaders=header)
Shopify Partner
67 1 17

Did you figure this out? I'm wrestling with the same.

Learning something new every day
Shopify Partner
9 0 4
Nope. It's so frustrating that there is no help and no tutorial or sample
Shopify Partner
67 1 17

I feel you, it's frustrating.

Learning something new every day
Shopify Partner
67 1 17

@ytrend I found out how to do it with GraphiQL. You are this close already, friend. 


I really just needed to see that. It's so much easier to understand, for me at least, when another human explains it compared to reading the docs.


Here's my code:


function myFunction() {
  var url = "https://<YOURSHOP>.myshopify.com/admin/api/2022-04/graphql.json";
  var payloaddata = `{
products (first: 1){
  edges {
    node {
      images (first: 1) {
        edges {
          node {
  var password = "<YOUR TOKEN>";
  var response = UrlFetchApp.fetch(url, {
        'method': "POST",
        'muteHttpExceptions': true,
        'headers': { "X-Shopify-Access-Token": password , "Content-Type": "application/json"},
        'payload': JSON.stringify({'query': payloaddata})

var RESPONSE_CODE = response.getResponseCode();
var CONTENT_JSON = JSON.parse(response.getContentText());


This gets the first image url from the first product. You can use the GraphiQL tool to spin your own data sets very easily. I need to eat, sleep and dream GraphQL for a couple of weeks, lol.

Learning something new every day

Shopify Partner
4 0 7

For anyone who has this issue I have the fix (I am using a private app and had previously set this up without issue on other shops until now).


It looks like they have updated the authorization to only with the token supplied from within the private app and not the once generated from the Buffer of the API Key & Secret (password).


To get this key - you need to go to your private app and select "API Credentials" and then generate an "Admin API access token". If you use this it should work (it did for me after about an hour of frustration).

Shopify Developer & App Creator
Shopify Partner
2 0 1

I'm having the same issue here. I had a look at your solution but I have already generated the API Key. I can get products through on my store but Whenever there is a 401 error to `/api/2022-07/graphql 40` I dont know what I havent set up correctly??


Shopify Partner
1 0 1

I encountered this today when building a new app using shopify-api-node.


Previously when you created a new instance of Shopify, you needed to pass in apiKey and password. It now seems like you only need to hand in accessToken. Example below of what worked for me today. 


const shopify = new Shopify({
  shopName: process.env.SHOPIFY_NAME,
  accessToken: process.env.SHOPIFY_ACCESS_TOKEN,


Shopify Partner
1 0 0

Hi so this means that, apiKey and password is not working anymore thus you have to only use the accessToken? I also tried to login from the web using my accesskey and secret but I am getting 401 everytime

Shopify Staff
1415 231 484

I'd recommend reviewing the types of authentication and authorization methods depending on your app type. Shopify CLI is a great tool for generating a starter app with boilerplate code that handles authentication and authorization as well.

For custom apps created in the Shopify admin (rather than the partner dashboard), you can follow this guide for generating access tokens and making authenticated requests.

Developer Support @ Shopify
- Was this reply helpful? Click Like to let us know!
- Was your question answered? Mark it as an Accepted Solution
- To learn more visit Shopify.dev or the Shopify Web Design and Development Blog

4 1 0

I'm trying to do the same thing, also getting 401 error.

Can you help me?

Thank you!


this is my code:

headers = {'X-Shopify-Access-Token': api_admin, 'Content-Type': 'application/json'}
response = requests.get(url, headers)

Shopify Partner
10 0 0

Hey buddy, I encountered the same issue today with all Shopify API calls in my app. However, I managed to fix it. I used 'npm run dev -- --reset' and instructed it to choose an existing app. When it came to selecting the app name, I noticed I had many names (due to renaming my app). It's crucial to select the name 'Your app name (shopify.app.toml)'. I believe this might be the reason behind the issue. Hope this helps you!

ImgCraft: AI Sharp & Resize - Rescuing Low-Quality Images | LitaCat: Page Watermark - Convey Your Voice
Shopify Partner
16 0 2

I do have the same issue...

Postman seems fine, with only the Access-Token, but from my server it fails

What's wrong with my Code-Snippet? Did I use the wrong credentials?

It looks like that:

var settings = {
"url": "110a2*****:sh***@shop*****.myshopify.com/admin/api/2023-10/custom_collections.json",
"method": "POST",
"timeout": 0,
"headers": {
"Content-Type": "json/application",
"Authorization": "Basic MTEwYTJiZWU1YjN********"
"data": " {\"custom_collection\": {\r\n \"title\": \"MacbooksTEST123456\",\r\n \"body_html\": \"Description of the collection\", \n \"sort_order\": \"manual\", \n \"template_suffix\": \"your_template_suffix\", \n \"published_scope\": \"web\"\r\n }}",


The response looks like this:
"responseCode": 401,
"errorResponse": "{\"errors\":\"[API] Invalid API key or access token (unrecognized login or wrong password)\"}"

Help's appreciated very much!

All the Best!