Help

Re: Airtable Script fetching Shopify's data - Invalid Key

Solved
Jump to Solution
992 2
cancel
Showing results for 
Search instead for 
Did you mean: 
Thomas_Rodier
4 - Data Explorer
4 - Data Explorer

Hello all !
(It’s my first post in this forum, if i’m not following guidelines please feel free to tell me !)

I quite new in the Airtable world.
I’m currentlty trying to create a script (with the script app powered by Airtable) in order to fetch data from my (test) shopify store.

But here is my point :
→ Airtable do not allow to use the class authentication used by Shopify, which is :
GET https://{username}:{password}@{shop}.myshopify.com/admin/api/2021-01/shop.json

→ So i need to use Basic Auth as it’s explained in theire documentation. But it’s not working, and i get this error message : “[API] Invalid API key or access token (unrecognized login or wrong password)”.

Did someone ever face this issue and know how to solve it ?(I’m sur about my credentials, and i also delete and recreate my app in order to prevent this mistake).

I’m surely missing something but i don’t know what it is…

Here is my code :

  const apiKeyShopify = "MY_SHOPIFY_API_KEY";
  const passwordShopify = "MY_SHOPIFY_API_PASSWORD";
  const nameShopifyStore = "test-dive-analytics.myshopify.com";
  const versionApi = '2021-01'
  const shopifyUrl = "https://"+nameShopifyStore+"/admin/api/"+versionApi+"/shop.json";
  const encodedCredentialsShopify = btoa(`${apiKeyShopify}:${passwordShopify}`)
  console.log(shopifyUrl);
  console.log(encodedCredentialsShopify)
  const httpHeader = {
      /*"Access-Control-Allow-Headers" : "Content-Type",
      "Access-Control-Allow-Methods": "GET",*/
      "Content-Type": "application/json",
      "Authorization": `Basic ${encodedCredentialsShopify}`
    };
  const response = await remoteFetchAsync(`${shopifyUrl}`, { 
    METHOD: "GET",
    HEADER: httpHeader   
  });
  await response.json().then(function(res) {
    console.log(res);
  });

PS: Second chat with shopify’s support but they don’t know how to solve my issue…

Thanks a lot for your help !

1 Solution

Accepted Solutions

Actually, it’s not an exact replication. The existence of the cookie session suggests that you were logged into your Shopify account in an adjacent tab when you conducted the postman experiment. This is speculative, but likely why it worked.

In any case, this call requires that the following security scope is enabled in your Shopify API Admin console:

image

This code works just ducky for me.

// define the request url
let url          = "https://cyberlandr.myshopify.com/admin/api/2021-01/orders.json";

// define the credentials
let apiKey       = "***";
let password     = "***”;
let authKey      = btoa(apiKey + ":" + password);

let options   = {
    "method": "GET",
    "headers": {
        "Content-Type"  : "application/json",
        "Authorization" : "Basic " + authKey,
    }
}

await remoteFetchAsync(url, options)
    .then((resp) => resp.json())
    .then(function(data) {
        output.inspect(data);
    })
    .catch(function(e) {
        output.markdown("ERROR!");
        output.markdown(e.message);
    });

See Solution in Thread

6 Replies 6

Hi @Thomas_Rodier, and welcome to the community!

I would try this just for yucks.

"Authorization": "Basic " + encodedCredentialsShopify

I would also try this if the first fails to move the needle.

const encodedCredentialsShopify = btoa( apiKeyShopify + ":" + passwordShopify);

Failing any success, try this:

"content-type": "application/json",

Thanks for your answer !

Unfortunately nothing is working :confused: … !
It’s driving me crazy.

The thing that i do not understand is, i tried the same call in postman using a basic auth username and password and watching the code source with CURL i get this and get data :Capture d’écran 2021-02-17 à 12.18.22

curl --location --request GET 'https://test-dive-analytics.myshopify.com/admin/api/2021-01/orders.json' \

--header 'Authorization: Basic MTU2ODgwMWRhNTgzZThhMDU0ZGViOWIxYWM5ZWQyY2Y6c2hwcGFfMzQzNzM4Mjc2NDQ2MWY0ZTZmNzNiYjIwYzgzNjA4OTQ=' \

--header 'Cookie: _secure_admin_session_id=18949427fdc9d09d1e2a1220b6eb3fc3; _secure_admin_session_id_csrf=18949427fdc9d09d1e2a1220b6eb3fc3; _s=c5344a9b-c509-45ac-af45-848a0dfa43b5; _shopify_fs=2021-02-16T15%3A58%3A53Z; _shopify_s=c5344a9b-c509-45ac-af45-848a0dfa43b5; _shopify_y=aa047315-8d6b-447f-8676-683b9e62cbf9; _y=aa047315-8d6b-447f-8676-683b9e62cbf9'

So it’s exactly the same that i’ve done, or maybe i’m missing i something.

Actually, it’s not an exact replication. The existence of the cookie session suggests that you were logged into your Shopify account in an adjacent tab when you conducted the postman experiment. This is speculative, but likely why it worked.

In any case, this call requires that the following security scope is enabled in your Shopify API Admin console:

image

This code works just ducky for me.

// define the request url
let url          = "https://cyberlandr.myshopify.com/admin/api/2021-01/orders.json";

// define the credentials
let apiKey       = "***";
let password     = "***”;
let authKey      = btoa(apiKey + ":" + password);

let options   = {
    "method": "GET",
    "headers": {
        "Content-Type"  : "application/json",
        "Authorization" : "Basic " + authKey,
    }
}

await remoteFetchAsync(url, options)
    .then((resp) => resp.json())
    .then(function(data) {
        output.inspect(data);
    })
    .catch(function(e) {
        output.markdown("ERROR!");
        output.markdown(e.message);
    });
Thomas_Rodier
4 - Data Explorer
4 - Data Explorer

Thanks a lot Bill ! It’s working :grinning_face_with_big_eyes:

Actually i did some test regarding my code and yours, and it’s turned that my header declaration was not good.

Anyway, thanks a lot really appreciated your help !

jordanbou
4 - Data Explorer
4 - Data Explorer

Hi @Bill_French , 

Thanks for your input. 

 

And how would you do it in Airtable Script ? It seems as the fetch function is not working with this kind of authentication.

Thanks

You'll have to be more specific - the term "Airtable Script" runs in multiple environments. My example IS Airtable script, BTW. And I have no trouble with fetch() using authentication.

Bill_French_0-1704992827161.png