Issues with Multipass authentication

New Member
2 0 0

I'm running into some major issues using the Multipass API to authenticate users on our Shopify+ storefront from an outside source. I'm using a simple Next.js API function as my endpoint to call Multipass using Shopify's suggested Node.js package, `multipassify`. I also attempted to use a newer NPM package called `multipass-js` but no luck there either.

Basically, no matter how I construct my encrypted/encoded token URL I receive a 422 error from the Multipass endpoint with little context into the specifics of the issue. It simply says "Invalid Multipass request", and I can tell the error from the server is a 422.

I've already confirmed that my `MULTIPASS_SECRET` and `WEBSITE_URL` are both matching, correct values, and the multipass URL passed back from the API appears to be properly constructed as well. Here's an example URL for reference: ` I've even attempted to set the base URL to our primary TLD instead of the URL to see if that has any effect. No luck.

Also, I've tried using a simple `window.location.href` redirect to the new tokenized login URL as well as a GET call using the fetch api, but neither one seems to have any impact on the 422 error that Shopify returns. Similarly, I thought my issue could be CORS-related since I was working on `localhost` for my initial tests, but after deploying to a subdomain of our main site the issue continues to persist.

Here's a look at the API function that I constructed to generated the tokenized URL:

multipass serverless functionmultipass serverless function

For extra context, you can check out my dumb client app to help test things out. Use `` to be certain you're posting an email with an active user account: 

Any feedback or suggestions would be freaking awesome. I'm stumped on this one.

Colin Darland
Head of Engineering @ Neighbor
Replies 0 (0)