Questions and discussions about using the Shopify CLI and Shopify-built libraries.
Hello, I'm hoping someone here may have some insight into what I've missed. My app submission was rejected by the automated tester and the only info I have is:
"App must verify the authenticity of the request from Shopify.
There was an error connecting to your app. Make sure its App URL and Allowed redirection URL work correctly."
Looking in my server logs I see a direct hit to my app url, without any of the context parameters added (hmac, shop, etc). Just a direct hit to the app url, which we are rejecting with a 400 as it appears to be a bad request.
Is a direct hit to the app url (no params added) expected? If so, what is the server expected to do as there is not enough information to generate a redirect to the authorize screen?
Thanks, any help is greatly appreciated,
Jeff
Solved! Go to the solution
This is an accepted solution.
Not sure if it was something we did, or Shopify did, but we started getting a clearer error message late last week (and the app url hits started including shop, hmac, etc. params). We were told to make sure our webhook calls were responding with a 401 status on failed hmac validation, where we had been returning 403.
This is an accepted solution.
Not sure if it was something we did, or Shopify did, but we started getting a clearer error message late last week (and the app url hits started including shop, hmac, etc. params). We were told to make sure our webhook calls were responding with a 401 status on failed hmac validation, where we had been returning 403.