Created a Custom App and Theme App extension (App Block) in Shopify and configured the app proxy to make third party API call from App block (app.js) to backend node js code. Currently getting 304 error and it is redirecting to /api/auth?shop=shopDomain and expecting Authorization header to be present.
Steps followed are:
Created a Custom App and Theme App extension (App Block) in Shopify
Configured the App Proxy
Trying to make API call from App Block ( app.js ) to the Custom App backend (Node) API.
Issue:
The API calls are returning 302/304 status codes
Following error is shown on Custom App terminal
2023-01-18 13:53:48 | backend | [shopify-app/INFO] Running validateAuthenticatedSession
2023-01-18 13:53:48 | backend | [shopify-app/INFO] Session was not valid. Redirecting to /api/auth?shop=shopDomain | {shop: shopDomain}
2023-01-18 13:53:48 | backend | [shopify-api/ERROR] Missing Authorization header, was the request made with authenticatedFetch? | {isOnline: false}
How to get the authentication token from Theme App Extension( App Block app.js ) or how to successfully authenticate the backend node APIs ?
(https://i.stack.imgur.com/yKUDB.png)](https://i.stack.imgur.com/PRdas.png)](https://i.stack.imgur.com/PqlEY.png)]
2
Answers
You can’t, you need to create a secure endpoint that will handle requests coming from a frontend (world) and then use JavaScript Fetch API to query that endpoint. That includes building custom auth for frontend requests and validation logic. So you should end up with creating a theme app block that will contain
<script>
tags with your fetch request in it.By the way, /api/auth is usually used to handle OAuth 2.0 during app installation process, so you won’t be able to do anything related to what you want to achieve with it.
If you have set the app proxy correctly, all fetches to
/apps/subpath
will be redirected to your app (/api/app_proxy
in this case):After that you have to check if the request is secure and made by Shopify, this is the Ruby code to check it:
I hope it helps!