Join us for an upcoming Shopify Partner webinar on February 27, 2024. Discover the latest Checkout Extensibility features, and deep dive on improvements to Shopify Functions and Web Pixels. Register now for either the 10am EST or 2pm EST sessions.

Retrieving OAuth access token endpoint possibly being blocked

crunch
Shopify Partner
3 0 0

Hi,

We're currently developing an integration with Shopify for our company but we're having some issues retrieving the OAuth access token. I suspect this might be because the `https://$shopId.myshopify.com/admin/oauth/access_token` endpoint is inaccessible to our servers.

The reason I think this might be the case is because it works as expected if we make a direct call to the endpoint it works as expected. I have omitted the initial steps to get the authorisation token:

 

> -H "Content-Type: application/x-www-form-urlencoded" \
> --data-urlencode "code=17aa3cd463105fcf634964a78a62aa2c" \
> --data-urlencode "client_id=8715caaa52f9066e8e155XXXXXXXXXXX" \
> --data-urlencode "client_secret=shpss_45d4746a2f4ba584f268XXXXXXXXXXX"
HTTP/2 200 
{"access_token":"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","scope":"read_orders"}

 

 I also tried running our internal OAuth service locally and made the call through there - this also worked as expected.

However, when we try to perform exactly the same steps on our test environment we get the following response:

 

<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>cloudflare</center>
</body>
</html>

 

I was wondering whether perhaps our servers IP ranges need to be added to an allow-list or similar?

I also get a `Too Many Requests` message whenever I try to login to `shopify.dev` when connecting through our company VPN - I'm not sure if this is related or not.

Many Thanks,

Replies 0 (0)