skip to Main Content

I am writing on the Shopify admin API. I am trying to store a new product through Spring boot REST template. It shows an error. I read an article. that said, “I want to change read and write access in the private app”. I changed it to read and write mode. But The read mode is working fine. When I try to add a new product. I am getting the error.

Request:

Method : POST

{
    "product": {
        "title": "Burton Custom Freestyle 151",
        "body_html": "<strong>Good snowboard!</strong>",
        "vendor": "Burton",
        "product_type": "Snowboard",
        "published": false
    }
}

Response:

<html>
    <body>
        <noscript>
            <a href="https://app.shopify.com/services/login/identity?destination_uuid=9b4d5083-3355-4828-93dd-f077e9531664&amp;return_to=https%3A%2F%2Fapp.shopify.com%2Fservices%2Flogin%2Fidentity_callback%3Fshop_name%3DFestivya%26state%3DRFvJCqXh64NCu1FGcxpD8vzVFSJrDVuDkTuz9exEjDjFgjbjXD5X8KFDXQu4LKOjOahYF0Bid_Dy2ejkD8yUu4mIHpKUT2aT0fpiAIhROlhT9NxAU3QkzBMeb715ANSGOon1duh3pqkRlZD0URqr3B8YUzcTC1lA8BpN5Thjg--LIpOKpJHbtE6FlbBQ-yHZ8dq3RDJilr9pCo42I3owe-wOj3Z7gvQ-IOZ_h_xNtKY%253D&amp;ui_locales=en&amp;upgradeable=true&amp;ux=shop">Continue</a>
        </noscript>
        <script type="text/javascript">
      window.location = "https://app.shopify.com/services/login/identity?destination_uuid=9b4d5083-3355-4828-93dd-f077e9531664u0026return_to=https%3A%2F%2Fapp.shopify.com%2Fservices%2Flogin%2Fidentity_callback%3Fshop_name%3DFestivya%26state%3DRFvJCqXh64NCu1FGcxpD8vzVFSJrDVuDkTuz9exEjDjFgjbjXD5X8KFDXQu4LKOjOahYF0Bid_Dy2ejkD8yUu4mIHpKUT2aT0fpiAIhROlhT9NxAU3QkzBMeb715ANSGOon1duh3pqkRlZD0URqr3B8YUzcTC1lA8BpN5Thjg--LIpOKpJHbtE6FlbBQ-yHZ8dq3RDJilr9pCo42I3owe-wOj3Z7gvQ-IOZ_h_xNtKY%253Du0026ui_locales=enu0026upgradeable=trueu0026ux=shop";
    </script>
    </body>
</html>

2

Answers


  1. This is not a API permission issue. In that case you will get a related error message. This issue is because of sending cookies with POST request. As per Shopify documentation:

    Shopify prevents HTTP Basic Auth POST requests that have cookies,
    which can cause POST calls to fail. If your POST call fails, then you
    should try clearing your cookies.

    Just disable the cookies. For that I think yor are looking for Session Creation Policy.

    STATELESS:
    Spring Security will never create an HttpSession and it will never use it to obtain the SecurityContext

    For more information have a look at this detailed answer.

    Login or Signup to reply.
  2. In your Web Security Configuration file, which is inherited from WebSecurityConfigurerAdapter, like:

    @Configuration
    @EnableWebSecurity
    @EnableConfigurationProperties
    public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {}
    

    in the method protected void configure(HttpSecurity http) throws Exception define session management to STATELESS like this:

    BasicAuthProperties properties = basicAuthProperties();
    http.requestMatchers().antMatchers(properties.getPath())
        .and()
            .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .and()
            .csrf().disable();
    
    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search