FROM CACHE - en_header
Promotion image

Authentication Issue for public shopify app

GBCorpDisk
Shopify Partner
1 0 0
‎12-09-2021 10:53 AM

I am new to APIs and I am trying to build a public Shopify app with python and Flask. I am using the starting example I found at https://github.com/garettB/shopify-flask-example/tree/master/src All of the functions in the server.py file have a decorator of @helpers.verify_web_call or a similar call to the functions in helpers.py. I have added new routes to the server.py. The def products_linking(): example I gave below is one of those routes. I can successfully navigate to the routes but without the decorator I'm running into authentication errors. The following is a function that I have added.

@app.route('/products_linking', methods=['GET'])
# @helpers.verify_web_call
def products_linking():
    shop = request.args.get('shop')
    global ACCESS_TOKEN
    if ACCESS_TOKEN:
        url = f'https://{shop}.myshopify.com/admin/api/2021-10/'
        def get_products():
            endpoint = 'products.json'
            r = requests.get(url + endpoint)
            return r.json()
        products = get_products()
        print(products)
        print(shop)
        return render_template('products_linking.html', shop=shop, products=products)

As you can see the decorator for verifying web calls is commented out. The app will run like this but when I click on the products_linking route, the terminal prints out the following for the products and shop variable.

{'errors': '[API] Invalid API key or access token (unrecognized login or wrong password)'}
None

If I attempt to navigate to the products_linking route without the decorator commented out I receive a 400 level response and the following:

hmac None
data b''

Here is the function from the helpers.py file

def verify_web_call(f):
    @wraps(f)
    def wrapper(*args, **kwargs) -> bool:
        get_args = request.args
        hmac = get_args.get('hmac')
        sorted(get_args)
        data = '&'.join([f"{key}={value}" for key, value in get_args.items() if key != 'hmac']).encode('utf-8')
        if not verify_hmac(data, hmac):
            logging.error(f"HMAC could not be verified: \n\thmac {hmac}\n\tdata {data}")
            abort(400)

        shop = get_args.get('shop')
        if shop and not is_valid_shop(shop):
            logging.error(f"Shop name received is invalid: \n\tshop {shop}")
            abort(401)
        return f(*args, **kwargs)
    return wrapper

Any ideas as to why I'm receiving these responses would be greatly appreciated.

250 Views
0 Likes
Report
Replies 0 (0)

Community Blog Articles

Image 3 - Header image 16_9 V1@2x.png
A guide to Shopify POS Launch and Operations success

Are you ready to take your business to the next level? Look no further than the latest ...

By SarahF_Shopify Apr 15, 2024
JasonH_0-1712162359820.png
Community Connect: Recap March 24’

We’re keeping the ball rolling to make sure you’re always ahead of the game. So buckle ...

By JasonH Apr 8, 2024
Portrait of Stephen positioned next to an image of planet Earth, with the Stephen's World logo displayed above.
Shopify Store Design: Expert Advice from Stephen’s World

Portrait of Stephen positioned next to an image of planet Earth, with the Stephen's World ...

By JasonH Mar 18, 2024
Terms of Service Privacy Policy