A space to discuss GraphQL queries, mutations, troubleshooting, throttling, and best practices.
Hi,
We're currently developing an integration with Shopify for our company but we're having some issues retrieving the OAuth access token. I suspect this might be because the `https://$shopId.myshopify.com/admin/oauth/access_token` endpoint is inaccessible to our servers.
The reason I think this might be the case is because it works as expected if we make a direct call to the endpoint it works as expected. I have omitted the initial steps to get the authorisation token:
> -H "Content-Type: application/x-www-form-urlencoded" \
> --data-urlencode "code=17aa3cd463105fcf634964a78a62aa2c" \
> --data-urlencode "client_id=8715caaa52f9066e8e155XXXXXXXXXXX" \
> --data-urlencode "client_secret=shpss_45d4746a2f4ba584f268XXXXXXXXXXX"
HTTP/2 200
{"access_token":"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","scope":"read_orders"}
I also tried running our internal OAuth service locally and made the call through there - this also worked as expected.
However, when we try to perform exactly the same steps on our test environment we get the following response:
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>cloudflare</center>
</body>
</html>
I was wondering whether perhaps our servers IP ranges need to be added to an allow-list or similar?
I also get a `Too Many Requests` message whenever I try to login to `shopify.dev` when connecting through our company VPN - I'm not sure if this is related or not.
Many Thanks,