Shopify REST API Oauth - 401 Error

Rechunk
Shopify Partner
8 0 0

Hi there,

 

I implemented the OAuth flow that's described in the docs (without any library, just using plain python). It's working correctly. Well, at least for a while.

 

After some time (I'd guess a day) all the requests start throwing 401 errors.

 

I read about the difference between offline and online mode, and the default is supposed to be offline mode.

 

Could it be that I get online mode access tokens without actually specifying the mode?

 

I tried looking into how the access mode is specified, but didn't find anything.

 

This is the URL I redirect users to:

 

https://{shop}/admin/oauth/authorize?client_id={api_key}&scope={scopes}&redirect_uri={redirect_url}&state={nonce}&grant_options[]=per-user

 

And this is the code I use to receive the access token:

 

req = requests.post(
    f'https://{shop}/admin/oauth/access_token',
    {
        'client_id': 'xyz',
        'client_secret': 'xyz',
        'code': 'xyz'
    },
)
 

How can I specify the access mode here? Did I accidentally overwrite it?

 

Any help would be appreciated.

 

Thanks! 🙂

Replies 12 (12)

Y4TO
Shopify Partner
12 2 0

"App developers should make sure to handle such a response gracefully. After an access token has expired, Shopify returns a 401 Unauthorized response code." 
https://shopify.dev/apps/auth/oauth/access-modes 

Make sure the access token you're trying to use isn't expired. 

Ahmed Vohra
You can email me at: ahmedvohra1@hotmail.com

Hire me on upwork

Y4TO
Shopify Partner
12 2 0

 

Also, I'm not sure how you can do it in python but, this is how you can set online access mode  in js

 

const app = express(); 
 app.set("use-online-tokens", USE_ONLINE_TOKENS);

 

 



https://github.com/Shopify/shopify-app-template-node/blob/a572a919cf26b1e913fe176e6605191c5a8bd024/s... 

Ahmed Vohra
You can email me at: ahmedvohra1@hotmail.com

Hire me on upwork
hamzasgd
Shopify Partner
149 22 29

@Rechunk add this in your above request

accessMode: 'offline',

 

★ Was my reply helpful? Click Like to let me know!
★ Was your question answered? Mark it as an Accepted Solution
✉ Contact me at hamzasgd1@gmail.com
❖ For Shopify App and Theme Development or Modifications ❖ | ☛ Hire me on Upwork | Whatsapp
Rechunk
Shopify Partner
8 0 0

Hi there,

thanks for the answer. I tried it, but unfortunately after a day it's giving me 401's again...

hamzasgd
Shopify Partner
149 22 29

@Rechunk I need more info 401 on frontend request to backend or backend API request to Shopify.

★ Was my reply helpful? Click Like to let me know!
★ Was your question answered? Mark it as an Accepted Solution
✉ Contact me at hamzasgd1@gmail.com
❖ For Shopify App and Theme Development or Modifications ❖ | ☛ Hire me on Upwork | Whatsapp
hamzasgd
Shopify Partner
149 22 29

@Rechunk I have been working on shopify apps for 2+ years never once did I encounter this issue once the offline token is generated it never expires unless the app is uninstalled.

★ Was my reply helpful? Click Like to let me know!
★ Was your question answered? Mark it as an Accepted Solution
✉ Contact me at hamzasgd1@gmail.com
❖ For Shopify App and Theme Development or Modifications ❖ | ☛ Hire me on Upwork | Whatsapp
Rechunk
Shopify Partner
8 0 0

@hamzasgd The 401 happens with the following path: /admin/api/2022-04/orders.json?status=any&limit=5 

 

As I said, it works just fine for the first day, but stops thereafter. The API token that's passed is still the same.

 

Could it maybe have anything to do with the fact that I'm only testing it on a development shop? Probably not, right?

hamzasgd
Shopify Partner
149 22 29

@Rechunk Yes it does not have anything to do with the development shop

★ Was my reply helpful? Click Like to let me know!
★ Was your question answered? Mark it as an Accepted Solution
✉ Contact me at hamzasgd1@gmail.com
❖ For Shopify App and Theme Development or Modifications ❖ | ☛ Hire me on Upwork | Whatsapp
hamzasgd
Shopify Partner
149 22 29

@Rechunk The behaviour you are describing is clearly an online token

★ Was my reply helpful? Click Like to let me know!
★ Was your question answered? Mark it as an Accepted Solution
✉ Contact me at hamzasgd1@gmail.com
❖ For Shopify App and Theme Development or Modifications ❖ | ☛ Hire me on Upwork | Whatsapp
Rechunk
Shopify Partner
8 0 0

@hamzasgdI added 'accessMode' in the json payload as per your description, just underneath the 'code' key. Unfortunately, haven't found anything in the docs about this, just describing the difference between access modes, but not how they are actually requested...

 

 

Rechunk
Shopify Partner
8 0 0

Is there any way to actually see the accessMode when the token is returned in the response?

Rechunk
Shopify Partner
8 0 0

Just found the solution...

 

I needed to change  the grant_options in the URL from "per-user" to "value":

grant_options[]=value

 Found it here in the docs: https://shopify.dev/apps/auth/oauth/getting-started#ask-for-permission

 

But pretty hidden 😕