Conversations about creating, managing, and using metafields to store and retrieve custom data for apps and themes.
I have an App bridge app which is in need of an update that will pull metafields for a stores Products. I'm using the node version of the REST API calls, so the two endpoints being used are:
await shopify.api.rest.Product.all({
session: session,
});
to retrieve Products and:
await shopify.api.rest.Metafield.all({
session: session,
metafield: {"owner_id": "", "owner_resource": "product"},
});
to retrieve a given Product's metafields. Of course, there are rate limits in play that limit the usability of this in larger stores, but generally this has worked well in a dev version of the app. Additionally, the hook useAuthenticatedFetch is used to make the requests so that the required token is passed.
The Issue
While the above works in the dev environment, once deployed I encountered issues where some of the metafield requests would return 403 and redirect to the /auth path due to the behavior of useAuthenticatedFetch.
The possible factors as I see it are:
Is there another possible factor that would play into this that I've overlooked? As it stands, given the app will always attempt to reauthenticate with these requests I can't push forward and just accept the 403's as it ends up unusable, but while it wouldn't be ideal, if I could prevent that behavior for useAuthenticatedFetch that would also be an option.
Hi Kmckinley,
403 errors do seem to suggest there's a scope issue causing this, but it's strange that some requests work and others do not. Are there any X-Request-ID headers that we can look into on our side?
Liam | Developer Advocate @ Shopify
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution
- To learn more visit Shopify.dev or the Shopify Web Design and Development Blog
Hello Liam,
I don't have anything I'm adding myself, but would you be able to utilize the X-Cloud-Trace-Context header? One example would be 0f2959ee2418a1ffd064fa0b29d45cee. If not I can make an update to add an X-Request-ID header to the requests.