I try to execute simple request using storefront api, such that has been shown in tutorials and "getting started articles".
I've tried to authenticate using several different options:
- by url
- with Authorization: Basic base64(apikey:password)
- with custom header X-Shopify-Access-Token: apikey
But still have 401 response.
There is one request that I used below:
POST https://%mystore%.myshopify.com/admin/api/2020-10/shop.json HTTP/1.1
UPD: I used wrong api endpoint.
Host: %mystore%.myshopify.com
User-Agent: GraphQL.Client/3.2.0.0
X-Shopify-Access-Token: 2%myaccesstoken%
traceparent: 00-9a471591195ff944ad0fab31cfaa5db4-5880000947509440-00
Content-Type: application/json; charset=utf-8
Content-Length: 108
{"query":"\r\n shop { id name email }\r\n ","variables":null,"operationName":null}
And the response:
HTTP/1.1 401 Unauthorized
Date: Sat, 19 Dec 2020 14:00:02 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Sorting-Hat-PodId: 180
X-Sorting-Hat-ShopId: 52109148341
Referrer-Policy: origin-when-cross-origin
X-Frame-Options: DENY
X-ShopId: 52109148341
X-ShardId: 180
WWW-Authenticate: Basic Realm="Shopify API Authentication"
Strict-Transport-Security: max-age=7889238
X-Shopify-Stage: production
Content-Security-Policy: default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://* shopify-pos://*; block-all-mixed-content; child-src 'self' https://* shopify-pos://*; connect-src 'self' wss://* https://*; frame-ancestors 'none'; img-src 'self' data: blob: https:; script-src https://cdn.shopify.com https://cdn.shopifycdn.net https://checkout.us.shopifycs.com https://js-agent.newrelic.com https://bam.nr-data.net https://api.stripe.com https://mpsnare.iesnare.com https://appcenter.intuit.com https://www.paypal.com https://js.braintreegateway.com https://c.paypal.com https://maps.googleapis.com https://www.google-analytics.com https://v.shopify.com https://widget.intercom.io https://js.intercomcdn.com 'self' 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=update&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=admin%2Fshops&source%5Bsection%5D=admin_api&source%5Buuid%5D=b701dfad-4abb-4943-8be7-ce78f6253803
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 1; mode=block; report=/xss-report?source%5Baction%5D=update&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=admin%2Fshops&source%5Bsection%5D=admin_api&source%5Buuid%5D=b701dfad-4abb-4943-8be7-ce78f6253803
X-Dc: gcp-us-east1,gcp-us-central1,gcp-us-central1
X-Request-ID: b701dfad-4abb-4943-8be7-ce78f6253803
CF-Cache-Status: DYNAMIC
cf-request-id: 071ce5f0ee00007b733a8d0000000001
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 6041a5c7eacf7b73-DME
59
{"errors":"[API] Invalid API key or access token (unrecognized login or wrong password)"}
Where have I gone wrong?
UPD: I used wrong api endpoint. https://%mystore%.myshopify.com/admin/api/2020-10/shop.json
I replaced this url to https://%mystore%.myshopify.com/api/2020-10/graphql.json
And now I receive Forbidden status code.
The question is same )
Shopify Discussion
Partners and Developers
