Hi,
We're creating a sales channel with an embedded app on the frontend. The frontend uses the app bridge to get the session token, which has an accessToken field inside it. I pass the accessToken into the Shopify Python SDK with
    session = shopify.Session(
        self.shop_url,
        SHOPIFY_API_VERSION,
        accessToken
    )
    shopify.ShopifyResource.activate_session(session)
Then, when I use this session to try to get all product listings from a store with the code
    def get_products(self):
        """
        Get products
        """
        with ShopifyClient(self.store) as client:
            product_listings = client.ProductListing.find()
            return [pl.to_dict() for pl in product_listings]
I get the error:
{"errors":"[API] Invalid API key or access token (unrecognized login or wrong password)"}%
Please, how do I get the Shopify API to work? I have tried the sales channel API key instead of the accessToken and I still get the same error.
Thanks
I'm still trying to understand the 'complexity' of creating apps, but as I understand it the app bridge sends a "session token" back to YOUR server. That session token is just used by YOUR server to authenticate the request from YOUR own client-side code. You have to already have either an online access token, fetched using the user id in the "session token", or an offline access token, usually stored in a db for the given shop, both from OAuth. What type of app are you making? Public, custom-made-in-shop, custom-made-in-shopify-dev or private (deprecated)?
Hi, thanks. We are making a sales-channel app. I do not understand what you mean, though. Isn't it the access token from the session token sent back to our server we use to call the Shopify API? Or is there another key we're meant to be using? Thanks
Does your app perform oauth during installation?
When you first perform oauth you can use the grant code to get an access token. You have to save that access token in a database so you can look it up later to authenticate your requests to shopify from your server.
I'm making an embedded admin app so I'm not sure if it differs but I think app bridge works the same way for a sales channel app. The session token (a JWT token) just confirms that the client is who it says it is, you can get the shop and logged in user id.
There is some explanation here: https://shopify.dev/apps/auth/oauth/session-tokens#oauth-and-session-tokens
Specifically:
Unlike API access tokens, session tokens can't be used to make authenticated requests to Shopify APIs.
Although I'm making a custom app maybe my workflow will help:
So session token (JWT) != access token. And you can't get the access token from the session token as I understand it, but you need the fields to be able to look up the correct access token from your database. These are the fields it contains:
https://shopify.dev/apps/auth/oauth/session-tokens#payload
This is actually still a little simplified because detecting if the app is installed in the shop is not intuitive and properly handling when a user logs out and you need to redirect to your auth from within the iframe is also complicated.
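The flow the replies describe, as an added example that is not part of the original thread or Shopify's own code: the server verifies the session token, then uses the shop it names to look up the access token saved during OAuth. It assumes the token is an HS256 JWT signed with the app's API secret and carries the `iss`, `dest`, `aud`, `nbf` and `exp` claims from the payload page linked above. The function names are hypothetical, `token_store` is a dict standing in for the database, and all sample values are constructed.

```python
import base64, hashlib, hmac, json, time
from urllib.parse import urlparse

def _b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def _b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()
def _sig(signing_input, secret):
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def verify_session_token(token, api_key, api_secret, now=None):
    """Return the claims of a valid session token, or raise ValueError."""
    now = time.time() if now is None else now
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header, claims = json.loads(_b64d(head_b64)), json.loads(_b64d(body_b64))
        sig = _b64d(sig_b64)
    except Exception:
        raise ValueError("malformed token")
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")  # reject "none" and anything else
    if not hmac.compare_digest(sig, _sig(f"{head_b64}.{body_b64}", api_secret)):
        raise ValueError("bad signature")
    try:
        nbf, exp, aud, iss, dest = (claims[k] for k in ("nbf", "exp", "aud", "iss", "dest"))
    except (KeyError, TypeError):
        raise ValueError("missing claim")
    if not nbf <= now < exp:
        raise ValueError("token not valid at this time")
    if aud != api_key:
        raise ValueError("token was issued for a different app")
    if urlparse(iss).hostname != urlparse(dest).hostname:
        raise ValueError("iss and dest name different shops")
    return claims

def access_token_for(token, api_key, api_secret, token_store, now=None):
    """Map a verified session token to the access token saved during OAuth."""
    shop = urlparse(verify_session_token(token, api_key, api_secret, now)["dest"]).hostname
    if shop not in token_store:
        raise LookupError("no stored token for " + shop)  # app not installed: run OAuth
    return shop, token_store[shop]

def make_sample_token(claims, secret):  # demo only: real tokens come from App Bridge
    parts = ({"alg": "HS256", "typ": "JWT"}, claims)
    signing_input = ".".join(_b64e(json.dumps(p).encode()) for p in parts)
    return signing_input + "." + _b64e(_sig(signing_input, secret))
# Constructed sample claims (not a real shop or app), shaped like the documented payload.
SAMPLE_CLAIMS = {"iss": "https://example-shop.myshopify.com/admin", "aud": "constructed-api-key",
                 "dest": "https://example-shop.myshopify.com", "sub": "42", "nbf": 1000, "exp": 1060}
```

The pair returned by `access_token_for` is what goes into `shopify.Session(shop, SHOPIFY_API_VERSION, access_token)`; nothing read out of the session token itself is passed to the Admin API.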