Retrieving OAuth access token endpoint possibly being blocked

crunch
Shopify Partner
3 0 0

Hi,

We're currently developing an integration with Shopify for our company but we're having some issues retrieving the OAuth access token. I suspect this might be because the `https://$shopId.myshopify.com/admin/oauth/access_token` endpoint is inaccessible to our servers.

The reason I think this might be the case is because it works as expected if we make a direct call to the endpoint it works as expected. I have omitted the initial steps to get the authorisation token:

 

> -H "Content-Type: application/x-www-form-urlencoded" \
> --data-urlencode "code=17aa3cd463105fcf634964a78a62aa2c" \
> --data-urlencode "client_id=8715caaa52f9066e8e155XXXXXXXXXXX" \
> --data-urlencode "client_secret=shpss_45d4746a2f4ba584f268XXXXXXXXXXX"
HTTP/2 200 
{"access_token":"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","scope":"read_orders"}

 

 I also tried running our internal OAuth service locally and made the call through there - this also worked as expected.

However, when we try to perform exactly the same steps on our test environment we get the following response:

 

<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>cloudflare</center>
</body>
</html>

 

I was wondering whether perhaps our servers IP ranges need to be added to an allow-list or similar?

I also get a `Too Many Requests` message whenever I try to login to `shopify.dev` when connecting through our company VPN - I'm not sure if this is related or not.

Many Thanks,

Replies 0 (0)