A space to discuss GraphQL queries, mutations, troubleshooting, throttling, and best practices.
Hi,
I am not a developer so this might be a basic question but help me out here.
I am using python Requests to get the order using following URL and it works fine.
url = "https://{API KEY}:{Admin @api Token}@mystore.myshopify.com/admin/api/2022-04/orders.json?status=any"
However when I connect to Google sheets through a connector ( Apipheny, which would be using App Script) I am using "X-Shopify-Access-Token" along with Admin API Token and it works fine too ( these are added in Header). If I use Api Key in place of X-Shopify-Access-Token it doesn't work.
So I am confused when to use API key and when to use X-Shopify-Access-Token ( what do we even call this?)
Thanks!
I have the same confusion too.
The following code example works in shopify python SDK
import shopify
url = f"https://:{admin_access_token}@mystore.myshopify.com/admin"
shopify.ShopifyResource.set_site(url)
shop = shopify.Shop.current()
print(shop.to_dict())
I mean, API_KEY is even not required. I explored a bit deep from my confusion.
What I found from `pyactiveresource` module was,
self.auth = base64.b64encode(('%s:%s' % (self.user, self.password)).encode('utf-8')).decode('utf-8')
Here,
self.password is definitely admin_access_token and self.user is either blank string or API_KEY is accepted. Yes, we are talking about custom app.
From debug log, Basic Auth header is found which is base64 hashed string found from the above code.
pyactiveresource.connection: request-headers:User-agent:ShopifyPythonAPI/12.0.0 Python/3.8.13
Authorization:Basic base64hashedstring
So, from my analogy, Python SDK is still using Basic Authentication without sending any X-Shopify-Access-Token yet it works.
This is confusing since,
official Shopify Admin REST documentation asked to Include admin access token on X-Shopify-Access-Token header on all API queries. But it is still taking Basic Auth in old fashioned way
According to github latest doc, the proper request should be sent as follows(if you already have admin access token from custom app),
import shopify
shopify_host = "https://mystore.myshopify.com"
api_version = '2022-07' # I used current latest version, you can use any that is available
admin_access_token = "XymsG.......sDff"
session = shopify.Session(shopify_host, api_version, admin_access_token)
shopify.ShopifyResource.activate_session(session)
shop = shopify.Shop.current()
print(shop.to_dict())
# Clear session
shopify.ShopifyResource.clear_session()
Above code sends access_token in header,
pyactiveresource.connection: request-headers:User-agent:ShopifyPythonAPI/12.0.0 Python/3.8.13
X-shopify-access-token:shpat****************************352