A developer is building a Shopify Admin Action Extension and needs to authenticate API calls to an external server (not Shopify’s Admin API). They attempted to import authentication functions from their web/frontend folder into the extension folder but encountered issues.
Shopify’s recommended approach:
fetch() with the configured auth domain or subdomains—an Authorization header with an OpenID Connect ID Token is automatically addedUnresolved challenge:
One participant successfully received the Authorization header after initial difficulties. However, another developer asks about making requests to a separate server that is not the configured auth domain or subdomain, questioning whether manual session token management is possible in Admin UI Extensions. This specific use case remains open/unanswered in the thread.
I am using Shopify Admin action extension and using network access outside Shopify.
In the web/front-end folder, I create authenic and I can get session in here.
But in the admin extension folder, I tried to import the authentic function from web/front-end folder to there but it’s not working.
My structure:
–extension
–admin-action-extension
–index.ts
–web
–frontend
–authenticate
–index.ts
Please help me. I was stack here in 3 days
Hi there 
If you are inside of an Admin Action Extension and you want to make an API call to Shopify you can use Direct API Access.
Any fetch() calls to Shopify’s Admin GraphQL API from your extension are automatically authenticated by default.
You can review this tutorial on using Direct API Access from within Admin Action extension
Thank for your reply but I don’t want to make a call API to Shopify’s Admin, I created an API outside from another server and I want to make a call API to there
Thank you for confirming your use case!
If you are making API calls to your apps backend, when you use fetch() to make a request to your app’s configured auth domain or any of its subdomains, an Authorization header is automatically added with a Shopify OpenID Connect ID Token. There’s no need to manually manage session tokens. Docs here
@nhtbao101 Is this solution working for you? I am using fetch(app:/path) from an admin extension, but am not getting an Authorization header sent with the request. https://community.shopify.com/post/2286912
Nevermind. I am now getting the header.
Hey @lizk , I am trying to make requests to a separate server that is not my configured auth or subdomain. Is there a way for me to manage session tokens manually in the admin UI extensions? Here is my question (https://community.shopify.com/topic/2525112))