I ran into this tutorial using every technology in the world which is supposed to show how to build a react app from the ground up to leverage the shopify API. However there also this page describing a simple API call to do more or less what I need.

The goal is to have an entirely custom (extremely simple) checkout process that ends up in the shopify system. It would go something like this:

Stripe purchase ok -> shopify order saved -> thank you page redirect.

EDIT: It appears that the format https://api_key:[email protected]/admin/api/2019-07/orders.json solves the authentication problem. The call:

GET https://key:[email protected]/admin/api/2019-07/orders.json returns a pleasant { "orders": [] } so the authentication is a-ok.

However, doing a POST https://key:[email protected]/admin/api/2019-07/orders.json

Seems to return a cryptic page, instead of an error like so (which simply leads to your demo store/app):

So, in summary, I have a store, an authorized app (which successfully authenticates) so how do I add an order for an existing SKU programmatically?

I ran into this tutorial using every technology in the world which is supposed to show how to build a react app from the ground up to leverage the shopify API. However there also this page describing a simple API call to do more or less what I need.

The goal is to have an entirely custom (extremely simple) checkout process that ends up in the shopify system. It would go something like this:

Stripe purchase ok -> shopify order saved -> thank you page redirect.

EDIT: It appears that the format https://api_key:[email protected]/admin/api/2019-07/orders.json solves the authentication problem. The call:

GET https://key:[email protected]/admin/api/2019-07/orders.json returns a pleasant { "orders": [] } so the authentication is a-ok.

However, doing a POST https://key:[email protected]/admin/api/2019-07/orders.json

Seems to return a cryptic page, instead of an error like so (which simply leads to your demo store/app):

So, in summary, I have a store, an authorized app (which successfully authenticates) so how do I add an order for an existing SKU programmatically?

• javascript
• oauth
• postman
• shopify
• shopify-app

Share Improve this question Follow edited Jul 14, 2019 at 1:12 dsp_099 asked Jul 13, 2019 at 10:50 dsp_099dsp_099 6,1312020 gold badges7979 silver badges132132 bronze badges 3

• The above error is most probably due to cookies.. Don't send any cookies via Postman to Shopify. – Bilal Akbar Commented Jul 15, 2019 at 8:36
• @BilalAkbar I have tried it without cookies with the same result (other than content-type) – dsp_099 Commented Jul 15, 2019 at 10:10
• Can you check your header? Looks like you have some headers in POST request which might be causing this. – patilnitin Commented Jul 15, 2019 at 18:07

Add a ment  | 

2 Answers 2

Sorted by: Reset to default 4 +500

Are you sure there are no cookies on the request? Because I can reproduce your exact issue if I add cookies.

It might be easier to use curl in order to have absolute clarity into what is being posted. For example:

# Edit to change app hostname, key/secret, and product/variant/customer ids 

curl -X POST 'https://key:[email protected]/admin/api/2019-07/orders.json' \
-H 'Content-Type: application/json' \
-d '{
  "order": {
    "line_items": [
      {
        "product_id": 2017449607219,
        "variant_id": 17985741619251,
        "quantity": 1
      }
    ],
    "customer": {
      "id": 1257159000115
    },
    "financial_status": "pending"
  }
}
'

Response:

{
  "order": {
    "id":952834392115,
    "email":"",
    "closed_at":null,
    "created_at":"2019-07-15T14:38:18-04:00",
...

But if you want to stick with Postman, here are the supporting screenshots showing success without cookies, and failure with:

Confirming there are no cookies set:

Successful post to orders.json endpoint:

Now, add a cookie:

And I get the response shown in your question:

If you read the documentation of the private apps

Shopify doesn't support cookies in POST requests that use basic HTTP authentication. Any POST requests that use basic authentication and include cookies will fail with a 200 error code. Using cookies with basic authentication can expose your app to CSRF attacks, such as session hijacking.

https://help.shopify./en/api/getting-started/authentication/private-authentication

This is on purpose, doing this on a client side is criminal. If you are doing something server side then it is ok to use basic auth. But on client side you shouldn't be using it

If you want to use in postman then you need to use it with access_token

Private apps can authenticate with Shopify by including the request header X-Shopify-Access-Token: {access_token}, where {access_token} is replaced by your private app's Admin API password.