How to get bearer access token with postman

How to get bearer access token with postman

JhonLevy
Shopify Partner
4 0 2

Hey everyone. I'm pretty new to Shopify app development,

and I would appreciate some help on the following topic:

 

I am developing a public Shopify app with node, react, and ngrok tunnel,

using the `npm init @Shopify/app@latest` command (package 3.30), according to the Shopify tutorial.

 

Now I want to add some APIs to the project and test them in postman.

So first of all I need to create the login post request which in response will send the JWT (Bearer access token),

and then we can reach the other APIs that require an active session.

My problem is that I don't know how to make it happen.

 

Here is the route in the index.js file, just above the authentication middleware.

JhonLevy_1-1673868690453.png

 

The postman request and it's dummy response.

JhonLevy_2-1673868901819.png

 

It's clear that I need to add code to the function above, and to add Params/Body for the request,

but unfortunately from that point, I don't know what to do.

 

If I indirectly get the access token, then I can reach the endpoints that require authentication.

For example, the number of products in the store.

JhonLevy_3-1673870104696.png

But the problem with that is that Shopify made the access token change every minute.

So it's simply not possible to work like that.

 

Can you help me with the required code and the login request?
Do you know if maybe that route already exists, and we only have to make the request with the right params?

Like this endpoint ?

https://{shop}.myshopify.com/admin/internal/web/graphql/core?operation=GenerateSessionToken&type=mutation 


If not, do you know about another way to do it? Or any updated guides for this task?

Please help me to figure it out.
Thanks. All the best.

Replies 3 (3)

ShopifyDevSup
Shopify Staff
1453 238 501

Hi @JhonLevy 👋


The access tokens created with the offline access mode are permanent, and only revoked when the app is uninstalled from a store. For the node boilerplate app created with the CLI, there should be a `USE_ONLINE_TOKENS` variable in the `/web/index.js` file, that can be set to `false`. 

Hope that helps!

 

 

Developer Support @ Shopify
- Was this reply helpful? Click Like to let us know!
- Was your question answered? Mark it as an Accepted Solution
- To learn more visit Shopify.dev or the Shopify Web Design and Development Blog

JhonLevy
Shopify Partner
4 0 2

Hi @ShopifyDevSup , thank you so much for your reply.


Unfortunately, the variable you mentioned no longer exists in the new CLI version (3.30+).
Maybe it has another name? Or some other idea?

 

Thanks a lot!  🙏

ShopifyDevSup
Shopify Staff
1453 238 501

Generally, the access mode is specified when requesting permissions during OAuth as noted here. Not sure which version of the boilerplate template you're using, but it should be near wherever the session properties are being initialized. In shopify-api-js v6, it would look something like this where `isOnline: true`. In the offline access case, we would set `isOnline: false`.

 

Developer Support @ Shopify
- Was this reply helpful? Click Like to let us know!
- Was your question answered? Mark it as an Accepted Solution
- To learn more visit Shopify.dev or the Shopify Web Design and Development Blog