API Token issue with private App

Legacy boards (read-only) Education & Credentials

Topic summary

A user is experiencing authentication issues with a Shopify private app designed to update stock quantities via Python scripts.

The Problem:

  • API token works correctly when tested with curl from terminal
  • Same token returns “401 Invalid API Key or access token” error when used in Python script
  • User has verified no extra characters exist in the .env file and confirmed Linux EOL formatting

Technical Details:

  • Using Python with requests library and dotenv for environment variables
  • Making GraphQL API calls to Shopify Admin API (version 2024-07)
  • Token is loaded from ‘usa.env’ file and passed via ‘X-Shopify-Access-Token’ header
  • Script includes logging to verify configuration and request details

Current Status:
The issue remains unresolved. The user is seeking guidance on what might cause a valid token to fail specifically within the Python script context, despite working in other environments.

Summarized with AI on November 2. AI used: claude-sonnet-4-5-20250929.
1

Hi all

i have installed a simple private app to update stock qty which will use python scripts. A simple curl gets the correct API response to the token from the terminal window to confirm the token is correct.

when i use the token in the script it gets 401 “Invalid API Key or access token”

made sure there were no extra characters in the env file and made it linux EOL friendly

the simple test script

import requests
import os
from dotenv import load_dotenv
import logging

Setup basic logging

logging.basicConfig(level=logging.INFO)
logger = logging.getLogger()

Load environment variables

load_dotenv(‘usa.env’)

Get credentials

SHOP_NAME = os.getenv(‘SHOPIFY_STORE_URL’)
ACCESS_TOKEN = os.getenv(‘SHOPIFY_ACCESS_TOKEN’)

Print configuration

logger.info(f"Shop URL: {SHOP_NAME}“)
logger.info(f"Token: {ACCESS_TOKEN[:6]}…{ACCESS_TOKEN[-4:]}”)

Test URL

url = f"https://{SHOP_NAME}/admin/api/2024-07/graphql.json"
headers = {
“X-Shopify-Access-Token”: ACCESS_TOKEN,
“Content-Type”: “application/json”
}

logger.info(f"Making request to: {url}“)
logger.info(f"Headers: {headers}”)

Make request

try:
response = requests.get(url, headers=headers)
logger.info(f"Status Code: {response.status_code}“)
logger.info(f"Response Headers: {dict(response.headers)}”)
logger.info(f"Response Content: {response.text[:1000]}“)
except Exception as e:
logger.error(f"Request failed: {str(e)}”)

im not a coder but looking for any pointers as to what may cause a working token to keep failing ;/

Cheers