
403 responses on some requests


kmckinley
Visitor

I have an App Bridge app which is in need of an update that will pull metafields for a store's Products. I'm using the Node version of the REST API calls, so the two endpoints being used are:

 

await shopify.api.rest.Product.all({
  session: session,
});

 

to retrieve Products and:

 

await shopify.api.rest.Metafield.all({
  session: session,
  metafield: {"owner_id": "", "owner_resource": "product"},
});

 

to retrieve a given Product's metafields. Of course, there are rate limits in play that limit the usability of this in larger stores, but generally this has worked well in a dev version of the app. Additionally, the hook useAuthenticatedFetch is used to make the requests so that the required token is passed.

 

The Issue

While the above works in the dev environment, once deployed I encountered issues where some of the metafield requests would return 403 and redirect to the /auth path due to the behavior of useAuthenticatedFetch.

The possible factors as I see it are:

  • Rate limits - this shouldn't be an issue as the store I'm testing is the same as the dev environment and only has about 10 Products, so with around 11 or so requests the rate limit should not be a factor.
  • Scopes - the app has write_products scope so this shouldn't be a factor (and none of the requests would work if it was)
  • Invalid Token - the requests all have the same token passed ('Bearer ...'), both the successful and 403's.

Is there another possible factor that would play into this that I've overlooked? As it stands, given the app will always attempt to reauthenticate with these requests I can't push forward and just accept the 403's as it ends up unusable, but while it wouldn't be ideal, if I could prevent that behavior for useAuthenticatedFetch that would also be an option.


Liam
Community Manager

Hi Kmckinley,

 

403 errors do seem to suggest there's a scope issue causing this, but it's strange that some requests work and others do not. Are there any X-Request-ID headers that we can look into on our side? 

Liam | Developer Advocate @ Shopify 

kmckinley
Visitor

Hello Liam,

 

I don't have anything I'm adding myself, but would you be able to utilize the X-Cloud-Trace-Context header? One example would be 0f2959ee2418a1ffd064fa0b29d45cee. If not I can make an update to add an X-Request-ID header to the requests.
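
One way to collect the identifiers discussed in the replies above, as an added example that is not part of the original thread or Shopify's code: it records the status plus any X-Request-ID and X-Cloud-Trace-Context values for each response and lists the ones that returned 403. The function names, the sample URLs and the sample header values are constructed for illustration, and it assumes the wrapped function returns a standard fetch Response.

```javascript
// Added example: recordResponse, traceFetch and summarize403s are hypothetical names.
const TRACE_HEADERS = ["x-request-id", "x-cloud-trace-context"];

// Record the status and correlation headers of one response.
function recordResponse(log, url, res) {
  const entry = { url, status: res.status, at: new Date().toISOString() };
  for (const name of TRACE_HEADERS) {
    const value = res.headers.get(name);
    if (value) entry[name] = value;
  }
  // X-Cloud-Trace-Context has the form "TRACE_ID/SPAN_ID;o=OPTIONS";
  // keep the bare trace id as well, since that is what gets quoted in reports.
  const ctx = entry["x-cloud-trace-context"];
  if (ctx) entry.traceId = ctx.split("/")[0];
  log.push(entry);
  return entry;
}

// Wrap a fetch-compatible function so every response it returns is recorded.
function traceFetch(fetchFn, log) {
  return async (url, options) => {
    const res = await fetchFn(url, options);
    recordResponse(log, String(url), res);
    return res;
  };
}

// Reduce the log to what a support request needs: failing URLs and their ids.
function summarize403s(log) {
  const failed = log.filter((e) => e.status === 403);
  return {
    total: log.length,
    failed: failed.length,
    ids: failed.map((e) => ({
      url: e.url,
      requestId: e["x-request-id"] ?? null,
      traceId: e.traceId ?? null,
    })),
  };
}

// Constructed sample responses (not captured traffic). The stub mimics the
// case-insensitive get() of fetch Headers.
const fakeRes = (status, h) => ({ status, headers: { get: (n) => h[n.toLowerCase()] ?? null } });
const sampleLog = [];
recordResponse(sampleLog, "/api/metafields?product=1", fakeRes(200, { "x-cloud-trace-context": "aaaa0001/1;o=1" }));
recordResponse(sampleLog, "/api/metafields?product=2", fakeRes(403, { "x-cloud-trace-context": "aaaa0002/7;o=1" }));
recordResponse(sampleLog, "/api/metafields?product=3", fakeRes(403, { "x-request-id": "req-constructed-3" }));
console.log(JSON.stringify(summarize403s(sampleLog), null, 2));
```

Comparing the timestamps and ids of the 403 entries against the successful ones shows whether the failures cluster on particular requests or on a particular moment in the session.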