Im Trying to generate an external tracking code

Shopify Apps

Topic summary

A developer is struggling to create a tracking code fulfillment via Shopify’s API using cURL and PHP, despite following documentation for two days.

Initial Problem:

  • Original code attempted to update order fulfillment with tracking numbers using HMAC authentication
  • Code structure included reversed/garbled text, suggesting formatting issues

Attempted Solutions:

  • Another user suggested verifying API credentials, checking the data structure (nesting fulfillments correctly), and confirming HMAC header generation
  • Recommended adding better error handling and HTTP status code debugging

Current Status:

  • Developer implemented suggestions but still receiving “404 Not Found” errors
  • Updated code now targets the orders endpoint (/admin/api/2024-01/orders/{order_id}.json) with comprehensive fulfillment data including tracking company, numbers, URLs, and customer notifications
  • Using both $apiKey and $accessToken in headers with HMAC authentication
  • Detailed cURL response shows successful connection but resource not found, suggesting potential endpoint URL or API version issues

Unresolved: The discussion remains open with no working solution yet identified.

Summarized with AI on November 11. AI used: claude-sonnet-4-5-20250929.
1

Im Trying to generate an external tracking code with cUrl and API

I tried for 2 days long, I have no clue what im doing wrong, im following the documentation, im lost

I can’t make it work, Can anyone help me?

public function sendBackShopify()
{
$accessToken = ‘’; // Hidden
$apiSecret = ‘’; // Hidden

$url = ‘’; // Hidden

$data = [
‘fulfillment’ => [
‘tracking_numbers’ => [‘BR000001556375783’],
‘notify_customer’ => true
]
];

$hmac_header = base64_encode(hash_hmac(‘sha256’, json_encode($data), $apiSecret, true));

$headers = [
‘Content-Type: application/json’,
'Authorization: Bearer ’ . $accessToken,
'X-Shopify-Hmac-Sha256: ’ . $hmac_header
];

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data));
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); // Adicionando esta linha
$response = curl_exec($ch);

$http_status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
echo 'HTTP Status: ’ . $http_status . “\n”;

if (curl_errno($ch)) {
echo 'Erro: ’ . curl_error($ch);
} else {

if ($response) {
$result = json_decode($response, true);
var_dump($result);
echo ‘Rastreio enviado com sucesso.’;
} else {
echo ‘Resposta vazia.’;
}
}

curl_close($ch);
}

2

It looks like you’re trying to send a request to the Shopify API to update order fulfillment information with tracking details. Your code seems generally well-structured, but there might be a couple of things to check and adjust. Here are a few suggestions:

  1. Verify API Credentials:

    • Double-check that your $accessToken, $apiSecret, and $url variables are correctly set with the appropriate values from your Shopify app.

  2. Update Request URL:

    • Ensure that the $url variable contains the correct URL for the Shopify API endpoint you’re trying to access.

  3. Review Data Structure:

    • Make sure the structure of the data you’re sending in the request matches the Shopify API expectations. The fulfillment object might need to be nested under the fulfillments key.

phpCopy code
$data = [ ‘fulfillments’ => [ [ ‘tracking_numbers’ => [‘BR000001556375783’], ‘notify_customer’ => true ] ] ];

  1. Check HMAC Header:

    • Confirm that the HMAC header is being generated correctly. Ensure that the $apiSecret is the correct value and that the hash_hmac function is providing the expected result.

  2. Debugging:

    • Add some additional error handling and debugging statements to help identify any issues. For example, you can print out the curl error if it occurs:

phpCopy code
if (curl_errno($ch)) { echo 'Curl Error: ’ . curl_error($ch); } else { // Rest of your code }

  1. HTTP Status Code Handling:
    • Add more detailed information about the HTTP status code in your output. Shopify’s API might return more specific status codes that could help troubleshoot the issue.

phpCopy code
echo 'HTTP Status: ’ . $http_status . “\n”; if ($http_status != 200) { // Handle errors based on the HTTP status code echo 'Error: ’ . $response; } else { // Successful response handling }

By reviewing and adjusting these aspects, you might be able to identify and resolve any issues with your cURL request to the Shopify API. If the problem persists, consider consulting Shopify’s API documentation or reaching out to their support for further assistance.

3

I tried your sugestions, but still it isnt working.

I had searched in other topics, and tried some things, maybe Im doing nothing wrong this time. But, it just wont work.

My code looks like this right now:

public function sendBackShopifyCommunity()
{
$accessToken = ‘’; // Hidden
$apiSecret = ‘’; // Hidden
$apiKey = ‘’; // Hidden
$shop_url = ‘’; // Hidden

$order_id = ‘1011’;
$trackingCode = ‘BR000001556375783’;
$url = “https://$shop_url/admin/api/2024-01/orders/$order_id.json”;

$data = [
‘order’ => [
‘id’ => $order_id,
‘fulfillment_status’ => ‘fulfilled’,
],
‘fulfillments’ => [
‘tracking_company’ => ‘Rastreio’,
‘tracking_number’ => $trackingCode,
‘tracking_numbers’ => [$trackingCode],
‘tracking_url’ => 'https://hidden/'.$trackingCode,
‘tracking_urls’ => ['https://hidden/'.$trackingCode],
‘status’ => ‘success’,
‘service’ => ‘manual’,
‘notify_customer’ => true,
‘tracking_info’ => [
‘number’ => $trackingCode,
‘url’ => 'https://hidden/'.$trackingCode,
‘company’ => ‘Rastreio’
]
],
‘note_attributes’ => [
‘name’ => ‘Order status:’,
‘value’ => $trackingCode
]
];

$json_data = json_encode($data);

$hmac_header = base64_encode(hash_hmac(‘sha256’, $json_data, $apiSecret, true));

$headers = [
‘Content-Type: application/json’,
'Authorization: Bearer ’ . $apiKey,
'X-Shopify-Hmac-Sha256: ’ . $hmac_header,
'X-Shopify-Access-Token: ’ . $accessToken
];

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, “PUT”);
curl_setopt($ch, CURLOPT_POSTFIELDS, $json_data);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);

$http_status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
echo 'HTTP Status: ’ . $http_status . “
”;
var_dump(curl_getinfo($ch));

if ($http_status != 200) {
echo 'Error: ’ . $response . “
”;
var_dump(curl_getinfo($ch));
}
if (curl_errno($ch)) {
echo 'Error: ’ . curl_error($ch). “
”;
} else {
if ($response && !empty($response)) {
$result = json_decode($response, true);
var_dump($result);
} else {
echo ‘
Resposta vazia.’;
}
}

curl_close($ch);

}

The response:
HTTP Status: 404
array(37) { [“url”]=> string(65) “hidden” [“content_type”]=> string(31) “application/json; charset=utf-8” [“http_code”]=> int(404) [“header_size”]=> int(2605) [“request_size”]=> int(335) [“filetime”]=> int(-1) [“ssl_verify_result”]=> int(0) [“redirect_count”]=> int(0) [“total_time”]=> float(0.442833) [“namelookup_time”]=> float(0.001077) [“connect_time”]=> float(0.201524) [“pretransfer_time”]=> float(0.23098) [“size_upload”]=> float(591) [“size_download”]=> float(22) [“speed_download”]=> float(49) [“speed_upload”]=> float(1334) [“download_content_length”]=> float(-1) [“upload_content_length”]=> float(591) [“starttransfer_time”]=> float(0.230987) [“redirect_time”]=> float(0) [“redirect_url”]=> string(0) “” [“primary_ip”]=> string(12) “23.227.38.74” [“certinfo”]=> array(0) { } [“primary_port”]=> int(443) [“local_ip”]=> string(14) “186.232.180.29” [“local_port”]=> int(40608) [“http_version”]=> int(3) [“protocol”]=> int(2) [“ssl_verifyresult”]=> int(0) [“scheme”]=> string(5) “HTTPS” [“appconnect_time_us”]=> int(432191) [“connect_time_us”]=> int(201524) [“namelookup_time_us”]=> int(1077) [“pretransfer_time_us”]=> int(230980) [“redirect_time_us”]=> int(0) [“starttransfer_time_us”]=> int(230987) [“total_time_us”]=> int(442833) } Error: {“errors”:“Not Found”}
array(37) { [“url”]=> string(65) “https://5b5682-3.myshopify.com/admin/api/2024-01/orders/1011.json” [“content_type”]=> string(31) “application/json; charset=utf-8” [“http_code”]=> int(404) [“header_size”]=> int(2605) [“request_size”]=> int(335) [“filetime”]=> int(-1) [“ssl_verify_result”]=> int(0) [“redirect_count”]=> int(0) [“total_time”]=> float(0.442833) [“namelookup_time”]=> float(0.001077) [“connect_time”]=> float(0.201524) [“pretransfer_time”]=> float(0.23098) [“size_upload”]=> float(591) [“size_download”]=> float(22) [“speed_download”]=> float(49) [“speed_upload”]=> float(1334) [“download_content_length”]=> float(-1) [“upload_content_length”]=> float(591) [“starttransfer_time”]=> float(0.230987) [“redirect_time”]=> float(0) [“redirect_url”]=> string(0) “” [“primary_ip”]=> string(12) “23.227.38.74” [“certinfo”]=> array(0) { } [“primary_port”]=> int(443) [“local_ip”]=> string(14) “hidden” [“local_port”]=> int(40608) [“http_version”]=> int(3) [“protocol”]=> int(2) [“ssl_verifyresult”]=> int(0) [“scheme”]=> string(5) “HTTPS” [“appconnect_time_us”]=> int(432191) [“connect_time_us”]=> int(201524) [“namelookup_time_us”]=> int(1077) [“pretransfer_time_us”]=> int(230980) [“redirect_time_us”]=> int(0) [“starttransfer_time_us”]=> int(230987) [“total_time_us”]=> int(442833) } array(1) { [“errors”]=> string(9) “Not Found” }