{"errors":"[API] Invalid API key or access token (unrecognized login or wrong password)"

New Member
4 0 0

I'm using a private app to generate the api key and password

I have used the url to call the api, but getting invalid url.



When I remove the api keys from the url, however keep the "search.json" at the end of the url I get an error. So the url I get the error with is:



When I remove the" "search.json" at the end and my url becomes:



I get a good response, however I would like data in JSON format because I am using the chatbot service called Manychat and they can only read data in JSON format.


What I am trying to do, is from manychat, call out to Shopify to search for a customer in the store by name, then display back into manychat the orderstatus, fullfilled, the tracking number, the URL  for tracking


I have attached some screenshots

This screenshot, I used the URL without the api key and passoword in the URL, but it is on the headers page



This Screenshot shows the response headers jargon22.JPG33.JPG

This is where I get a good response back, however I've removed the very end of the api key"search.json", and of course it doesn't really return the data that I would like.



Replies 14 (14)
Shopify Partner
94 5 13

HI Triston,

From this point, I assume that, you have resolved the "Invalid API Key or Token issue as you are receiving the data".


As for the other query, from the documentation, I think you are looking for this endpoint - 




to retrieve all the customers. Important to note is that this call is paginated, so you get a maximum of 250 results in a page & then query the next page like this - 

 /admin/api/2019-04/customers.json?page=2 & so on.


You can get the count of all customers with this endpoint -




If there are more than 250, you may want to query the next page.




New Member
4 0 0

The “Invalid API Key or Token issue” is only technically resolved only once I remove the “ /admin/api/2019-04/customers.json” from the URL I am using to call out to shopify. This however doesn’t return the data I am seeking.

If I use “https://mystore.myshopify.com/admin/api/2019-04/“ the call works, as I put the API key and password into the headers, but again, doesn’t return the data I am seeking. From following the documentation, I should be using “https://myapikey:myapipassword@mystore.myshopify.com/admin/api/2019-04/customers.json” for example and this URL gives me the error.

All I am trying to do is: use manychat to call to shopify, get the status of an order, then spit it back to manychat.

Shopify Partner
94 5 13


First thing first, make sure that you are copying the key & Password from here -






where order_id is the actual order id you are querying.

All of the above works for me everywhere, the browser, the POSTMAN, Python shell, PHP, Node.js, etc.,


Make sure that you have copied the Key & Password as well as the scope correctly & you have the orders in your store to query though this has nothing to do with 404 or incorrect api key or password.

If still doesn't work for you, it would be nice, if  you could share the steps you are following.

Shopify Partner
94 5 13

Just a point - you need to include the API KEY & Password as a part of URL & need not to send as headers.

New Member
4 0 0

Thanks for you time.

The URL works for me as well in my browser, it returns data. However, in Manychat is where it displays invalid URL.

It may be as simple as the request headers not being inputted correctly.

Do you have any experience with manychat as a software to shed some light how my request headers should be structured?
Shopify Partner
94 5 13


I do not have experience with Manychat, however, if it is a GET request to shopify, you do not need any additional headers.

Are you able to make a request on POSTMAN? Can you share something? 

The URL should look something like this - 



Please use this & let me know if you are able to sort it out in POSTMAN.



New Member
1 0 0

I am facing same issue while calling this api - 





["Content-Type: application\/json; charset=utf-8","Accept: application\/json;","X-Shopify-Access-Token: <<shopify access token>>"]



{"customer":{"first_name":"Hello Dev","last_name":"","email":"devsdatest@notify.com","phone":"566655446","verified_email":true,"send_email_invite":true}}



[API] Invalid API key or access token (unrecognized login or wrong password)"}


Can you please help me in this


New Member
2 0 0



Have you got any solution for this, i am also facing similar issue

New Member
2 0 0



I can able to get a response using postman


I am using React Native after integrating with application getting a response a follows


Object {
"errors": "[API] Invalid API key or access token (unrecognized login or wrong password)",


return axios
.then(function(response) {
// handle success
// this.setState({ dt: response });
.catch(function(error) {
// handle error
.finally(function() {
// always executed
Can you help me with this issue to resolve it


New Member
6 0 0

I am replacing with api key and api password with api key and api secret not sure still am getting the same error

10 2 0

Hi All,

I am also facing the same issue.


Can you please guide me how to resolve this issue.



New Member
1 0 0

i have the same issue first in the .env file give api scope for read_orders then if your app is already installed then you should update your app of uninstall app then install and give X-Shopify-Acess-Token in the header i have done the same thing to solve this problem

New Member
2 0 1

It works almost everywhere, except some "special" clients, so in case someone needs this in the future, here is the solution https://shopify.dev/tutorials/authenticate-a-private-app-with-shopify-admin#:~:text=Basic%20authenti...

  1. Join the API key and password with a single colon (:).

  2. Encode the resulting string in base64 representation.

  3. Prepend the base64-encoded string with Basic and a spaceadd this as header: Authorization: Basic NDQ3OGViN2FjMTM4YTEzNjg1MmJhYmQ4NjE5NTZjMTk6M2U1YTZlZGVjNzFlYWIwMzk0MjJjNjQ0NGQwMjY1OWQ=

Shopify Partner
7 1 1

Having a similar issue but a bit confused - I have no API password.

when creating my app i was given an API access token, API key and secret key - there's no password.

is this for older versions of apps?