verifyRequest() not working for rest routes using fetch function

Topic summary

Problem with a REST route in a Shopify app built with Koa: a fetch('/api/testRoute', { method: 'POST', body: JSON.stringify(...) }) request works if the route does not use verifyRequest(), but then data such as shop, body or session are not obtained correctly. When verifyRequest() is added to the route, the call fails and an error appears in the console, shown in a screenshot.

Key points:

  • verifyRequest() is the Shopify middleware that validates the session/token before allowing access to the route.
  • It was suggested not to apply it directly in router.post(...), but as Koa server middleware with server.use(verifyRequest(...)).
  • On trying that, a new problem appeared: ngrok redirected you too many times, which prevented the normal installation of the app.
  • It was then recommended to change the order of the middlewares, placing verifyRequest() after createShopifyAuth(...) or after registering the routes.

Current status: there is no confirmation of a final solution; the discussion remains open and focused on the correct middleware order in server.js.

Summarized with AI on March 6. AI used: gpt-5.4.

I am trying to create a Shopify application using the session tokens. I am using koa-router for creating a rest API route and I need to get the shop name and body content.

This is my fetch function

await fetch('/api/testRoute', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    message: 'Hello World',
  }),
})
  .then((res) => res.json())
  .then((res) => {
    console.log(res);
  })
  .catch((e) => console.log(e));

This is my route

router.post('/api/testRoute', verifyRequest(), async (ctx) => {
  console.log('CALLED');
  console.log(ctx);
  console.log(ctx.body);
  console.log(ctx.session);

  ctx.body = { status: true, message: 'Updated' };
});

Issue - If I call this route through the frontend WITHOUT verifyRequest, it works (I can get a response back) but I cannot get the shop name or body or anything else.
If I add the verifyRequest() and then try, I get this in the app console

How to successfully call these routes, and get shop name and body details?

Hi @ketangupta34

Aibek is here from Speedimize.io agency.

You should pass the verifyRequest() function to the server, not to the router. If you use Koa-auth, then most likely you also use Koa for the server. Try this way:

const Koa = require('koa');
const server = new Koa();
server.use(verifyRequest());

Hope that helps you.


@Anonymous Hi there,

Thank you for responding back.

I tried the above solution and with that, I get “ngrok redirected you too many times”.

If I remove that, the app is installed.

const app = next({ dev });

app.prepare().then(() => {
  const server = new Koa();
  const router = new Router();

  server.use(
    verifyRequest({
      accessMode: 'offline',
    }),
  );
  server.use(
    createShopifyAuth({
      async afterAuth(ctx) { ... }
    })
  )

  router.post('/api/testRoute', async (ctx) => {
    console.log('CALLED');
    console.log(ctx);
    console.log(ctx.body);
    console.log(ctx.session);

    ctx.body = { status: true, message: 'Updated' };
  });

  server.use(router.allowedMethods());
  server.use(router.routes());

  server.listen(port, () => {
    console.log(`> Ready on http://localhost:${port}`);
  });
});

This is my server.js structure

Hi @ketangupta34

Try to put this piece of code

  server.use(
    verifyRequest({
      accessMode: 'offline',
    }),
  );

after this:

  server.use(
    createShopifyAuth({
      async afterAuth(ctx) { ... }
    })
  )

or after this:

  server.use(router.allowedMethods());
  server.use(router.routes());

Hope that helps you.
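The middleware-order problem discussed in this thread, as an added example that is not part of any post and is not the Shopify library's code: a dependency-free model of a Koa-style stack showing why a session guard registered before the auth handler produces the "redirected you too many times" loop. The names guard, authHandler, page, compose and browse, the '/auth' path and the shop value are assumptions made for the illustration.

```javascript
// Simplified synchronous stand-ins (assumptions), not the library's code.
// guard: redirects any request that has no session to the auth route.
const guard = (authRoute = '/auth') => (ctx, next) => {
  if (ctx.session) return next();
  ctx.status = 302;
  ctx.location = authRoute;
};

// authHandler: owns authRoute, establishes a session, redirects to the app.
const authHandler = (authRoute = '/auth') => (ctx, next) => {
  if (ctx.path !== authRoute) return next();
  ctx.store.session = { shop: 'example.myshopify.com' }; // constructed value
  ctx.status = 302;
  ctx.location = '/';
};

// page: a route handler that answers without calling next().
const page = (ctx) => {
  ctx.status = 200;
  ctx.body = 'app';
};

// Koa-style composition: middleware runs in registration order.
function compose(stack) {
  return (ctx) => {
    const run = (i) => (i < stack.length ? stack[i](ctx, () => run(i + 1)) : undefined);
    return run(0);
  };
}

// Follow redirects the way a browser does, giving up after maxHops.
function browse(stack, startPath, maxHops = 10) {
  const handle = compose(stack);
  const store = {}; // stands in for the browser's session cookie
  let path = startPath;
  for (let hop = 0; hop <= maxHops; hop++) {
    const ctx = { path, store, session: store.session };
    handle(ctx);
    if (ctx.status !== 302) {
      return { status: ctx.status, hops: hop, loop: false, hadSession: Boolean(ctx.session) };
    }
    path = ctx.location;
  }
  return { status: 302, hops: maxHops, loop: true, hadSession: false };
}

console.log('guard first:', browse([guard(), authHandler(), page], '/'));
console.log('auth first: ', browse([authHandler(), guard(), page], '/'));
console.log('guard last: ', browse([authHandler(), page, guard()], '/'));
```

In this model the guard-first stack never reaches the auth handler, and a guard registered after the route handler never runs for that route, so the route is answered without a session.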