"Invalid API key or access token" when executing graphqlMutation: webhookSubscriptionCreate

Solved

"Invalid API key or access token" when executing graphqlMutation: webhookSubscriptionCreate

myosotis
Shopify Partner
3 1 0

Since March, in our released public app, an error has started occurring when calling the webhookSubscriptionCreate via Admin GraphQL Mutation.


"[API] Invalid API key or access token (unrecognized login or wrong password)"
If you report this error, please include this id: 210e0edf-4dd4-429b-bd2d-a7900848a6e2-1710765057
at HttpResponseError.ShopifyError [as constructor] (/home/node/node_modules/@shopify/shopify-api/dist/error.js:13:28)
at new HttpResponseError (/home/node/node_modules/@shopify/shopify-api/dist/error.js:104:28)
at HttpClient.<anonymous> (/home/node/node_modules/@shopify/shopify-api/dist/clients/http_client/http_client.js:248:43)
at step (/home/node/node_modules/tslib/tslib.js:144:27)
at Object.next (/home/node/node_modules/tslib/tslib.js:125:57)
at fulfilled (/home/node/node_modules/tslib/tslib.js:115:62)
at processTicksAndRejections (node:internal/process/task_queues:96:5) {
response: {
code: 401,
statusText: 'Unauthorized',
body: {
errors: '[API] Invalid API key or access token (unrecognized login or wrong password)'
},
headers: [Object: null prototype] {
...
}
}
}

Regarding authentication, it was implemented by a previous developer several years ago, and I don't fully understand it. After reviewing the code, logs, and development documentation, here's what I've found:

  • The current app is not set up using Shopify CLI.
  • Thus, it appears that token exchange is not implemented, unlike with Remix apps.
  • Other queries and mutations are not failing in general.
  • Only some specific merchants are experiencing failures, not all.
  • Despite updating to the latest Shopify/API version due to warnings about the old version, the issue persists.

I understand that we probably should migrate to a configuration using Shopify CLI, but I want to address the issue for the specific merchants currently affected as soon as possible. Can you investigate the cause based on the error ID provided above? I'm ready to provide additional information if needed.

Accepted Solution (1)

myosotis
Shopify Partner
3 1 0

This is an accepted solution.

This issue has been resolved.

The root cause was the use of an outdated version of the Shopify API.

To address this, we updated all packages within the app to their latest versions, including the Shopify API. Additionally, we implemented custom session management using Redis storage within the app's backend, where we now also manage the access tokens internally. Although the app initially lacked proper mechanisms for token exchange, we resolved this by introducing a system to refresh sessions. We understand that this solution may not be entirely sufficient, and we plan to switch to an app setup using Remix in the near future.

It took over a month to resolve this issue, but it has been an educational experience in understanding Shopify's authentication processes. We also appreciate the support provided by the Shopify support team during this period.

View solution in original post

Reply 1 (1)

myosotis
Shopify Partner
3 1 0

This is an accepted solution.

This issue has been resolved.

The root cause was the use of an outdated version of the Shopify API.

To address this, we updated all packages within the app to their latest versions, including the Shopify API. Additionally, we implemented custom session management using Redis storage within the app's backend, where we now also manage the access tokens internally. Although the app initially lacked proper mechanisms for token exchange, we resolved this by introducing a system to refresh sessions. We understand that this solution may not be entirely sufficient, and we plan to switch to an app setup using Remix in the near future.

It took over a month to resolve this issue, but it has been an educational experience in understanding Shopify's authentication processes. We also appreciate the support provided by the Shopify support team during this period.