Hi,
We're currently developing an integration with Shopify for our company but we're having some issues retrieving the OAuth access token. I suspect this might be because the `https://$shopId.myshopify.com/admin/oauth/access_token` endpoint is inaccessible to our servers.
The reason I think this might be the case is because it works as expected if we make a direct call to the endpoint it works as expected. I have omitted the initial steps to get the authorisation token:
> -H "Content-Type: application/x-www-form-urlencoded" \
> --data-urlencode "code=17aa3cd463105fcf634964a78a62aa2c" \
> --data-urlencode "client_id=8715caaa52f9066e8e155XXXXXXXXXXX" \
> --data-urlencode "client_secret=shpss_45d4746a2f4ba584f268XXXXXXXXXXX"
HTTP/2 200
{"access_token":"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","scope":"read_orders"}
I also tried running our internal OAuth service locally and made the call through there - this also worked as expected.
However, when we try to perform exactly the same steps on our test environment we get the following response:
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>cloudflare</center>
</body>
</html>
I was wondering whether perhaps our servers IP ranges need to be added to an allow-list or similar?
I also get a `Too Many Requests` message whenever I try to login to `shopify.dev` when connecting through our company VPN - I'm not sure if this is related or not.
Many Thanks,
