A space to discuss GraphQL queries, mutations, troubleshooting, throttling, and best practices.
Hi guys, hope you are having a good day. I am trying to learn shopify but I am really stuck. I have gone through the whole tutorial available but still do not understand how to perform a REST API Call with the API key info..
I want to be able to query a json file with GET, but cannot seem to connect without any error. I have posted in the shopify forum but have had no response. I feel like I am missing something really obvious. I have spent hours looking around the documentation and cannot get this to work.
I keep getting the error "errors: '[API] Invalid API key or access token (unrecognized login or wrong password)' " from the code to try to access that JSON.
fetch('https://<API-KEY>:<API-SECRET-KEY>@test-store-cap.myshopify.com/admin/api/2020-07/checkouts.json')
.then(response => response.json()) .then((jsonData) => {
// jsonData is parsed json object received from url
var data = jsonData;
for (var i = 0; i < data.length; i++)
{
var obj = data[i];
console.log("Email: " + obj.email + ", Phone Number: " + obj.phone);
}
console.log(jsonData)
})
.catch((error) => {
// handle your errors here
console.error(error)
})
I honestly have no idea it keeps giving me this error, despite explicitly using the api key in the URL (I have taken mine out). I haven't used the imported ones from .env yet as I am just trying to get this test working before I make it adaptable. I got this code from stack overflow and I am completely out of ideas. I heard btoa was required but that did not work either. Any help is greatly appreciated.
bump
Have you tried generating a new api key set? There may be an issue with the current one.
Another thought, just to verify. Are you creating a private app or public one?
@Martin_Caumno I haven't tried that but I will do. Also I am creating a public one but I am not sure how the security vulnerabilities of using the Admin API would work out, however I do not see a way to get the checkouts data other than using the Admin API
Ah. There is your issue. The method of calling the API that you are using is for private apps. Public apps need to go through an Oauth handshake then you can get a permanent access token for that store. Once you have that token it can be used on the public app API. To tell the difference, the private ones have the 'key: secret@' in the beginning. The public ones just have the single token in the middle.
Sorry. I was not at my computer so I could not give a more detailed answer. Essentially there are security risks with both private and public apps. One advantage of public apps is that you can ask for specific permissions from the store at install. This means that if someone (ie a hacker) gets your token then they would only be able to complete actions you have asked permissions for. Private apps do not need to ask for permissions and this makes their keys a lot more dangerous. No matter which route you go, make sure you secure your token/keys. They should never be in the source code (or handled in anyway really) on the front end. This risks exposing them. Instead they should be handled by your server making calls from your server side.
That being said, you are correct that getting checkout information is pretty much only available from the REST API. I would definitely recommend studying more about how to make a public app. There are multiple tutorials out there for languages such as Ruby or Node.js. I also have written a bare-bones starter app in PHP that is available on GitHub. You can check it out here: https://github.com/XenithTech/php-shopify-app-skeleton. It should be easily translatable into another language if you would rather not use PHP. It you have any other questions or issues just let me know, either on here or on GitHub and I will be glad to help you out.
Thanks for all of the help @Martin_Caum , really appreciate it. I've used php a lot in the past so that sounds great, thanks, I'll give it a try. I'll let you know if I have any issues!
Hi @Martin_Caum , I am currently working through your tutorial but I am stuck on a couple of bits. For the database, would that be fine as any local MySql server such as WAMP / AMMPS? And I am not sure whether the error is because I haven't created the database, but when I click 'install to development store' it brings up the index page but does nothing else- am I suppose to write the code here to install the app?
Many thanks, Sam 🙂
You should be able to use any database you would like. If you use MySQL to work with the database everything should work fine. If you use something other than MySQL than all code working with databases would need to be re-written. As far as the blank index. It should have a title on it listing the store and clientId. But I imagine this would not work without the database being setup. Once you get that working then yes, the index.php is where you start setting up your app. The system in my GitHub gets you through the install/Oauth process but the app doesn't do anything at that point. So you would then need to build out your UI and whatever calls you need your app to do. If you need assistance on that part let me know and I would be glad to help out.