Creating a Shopify Order via postman / Shopify API

dsp_099
July 13, 2019
200 views
0 votes
2 Answers

I ran into this tutorial using every technology in the world which is supposed to show how to build a react app from the ground up to leverage the shopify API. However there also this page describing a simple API call to do more or less what I need.

The goal is to have an entirely custom (extremely simple) checkout process that ends up in the shopify system. It would go something like this:

Stripe purchase ok -> shopify order saved -> thank you page redirect.

EDIT: It appears that the format https://api_key:[email protected]/admin/api/2019-07/orders.json solves the authentication problem. The call:

GET https://key:[email protected]/admin/api/2019-07/orders.json
returns a pleasant
{ "orders": [] } so the authentication is a-ok.

However, doing a POST https://key:[email protected]/admin/api/2019-07/orders.json

Seems to return a cryptic page, instead of an error like so (which simply leads to your demo store/app):

So, in summary, I have a store, an authorized app (which successfully authenticates) so how do I add an order for an existing SKU programmatically?

Answers

- Cody
- July 15, 2019 at 8:15 pm
- 0 votes
0
Are you sure there are no cookies on the request? Because I can reproduce your exact issue if I add cookies.

It might be easier to use curl in order to have absolute clarity into what is being posted. For example:
```
# Edit to change app hostname, key/secret, and product/variant/customer ids 

curl -X POST 'https://key:[email protected]/admin/api/2019-07/orders.json' 
-H 'Content-Type: application/json' 
-d '{
  "order": {
    "line_items": [
      {
        "product_id": 2017449607219,
        "variant_id": 17985741619251,
        "quantity": 1
      }
    ],
    "customer": {
      "id": 1257159000115
    },
    "financial_status": "pending"
  }
}
'
```
Response:
```
{
  "order": {
    "id":952834392115,
    "email":"",
    "closed_at":null,
    "created_at":"2019-07-15T14:38:18-04:00",
...
```
But if you want to stick with Postman, here are the supporting screenshots showing success without cookies, and failure with:

Confirming there are no cookies set:

Successful post to orders.json endpoint:

Now, add a cookie:

And I get the response shown in your question:
Login or Signup to reply.

- TarunLalwani
- July 16, 2019 at 3:38 am
- 0 votes
0
If you read the documentation of the private apps

Shopify doesn’t support cookies in POST requests that use basic HTTP authentication. Any POST requests that use basic authentication and include cookies will fail with a 200 error code. Using cookies with basic authentication can expose your app to CSRF attacks, such as session hijacking.

https://help.shopify.com/en/api/getting-started/authentication/private-authentication

This is on purpose, doing this on a client side is criminal. If you are doing something server side then it is ok to use basic auth. But on client side you shouldn’t be using it

If you want to use in postman then you need to use it with access_token

Private apps can authenticate with Shopify by including the request header X-Shopify-Access-Token: {access_token}, where {access_token} is replaced by your private app’s Admin API password.

Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.