I'm trying to access the Shopify Orders API in a Loopback application. I have the following data source:
"ShopifyRestDataSource": {
"name": "ShopifyRestDataSource",
"connector": "rest",
"operations": [{
"template": {
"method": "GET",
"url": "https://mystore.myshopify.com/admin",
"headers": {
"accepts": "application/json",
"content-type": "application/json"
}
},
"headers": {
"Authorization": "Basic MzdiOD..."
},
"functions": {
"find": []
}
}]
}
And then I attempt a simple call:
var ds = app.dataSources.ShopifyRestDataSource;
ds.find(function(err, response, context) {
if (err) throw err;
if (response.error) {
next('> response error: ' + response.error.stack);
}
console.log(response);
next();
});
I'm getting the following exception message:
Error: {"errors":"[API] Invalid API key or access token (unrecognized login or wrong password)"}
at callback (/order-api/node_modules/loopback-connector-rest/lib/rest-builder.js:529:21)
The Shopify API authenticates by basic HTTP authentication and I'm sure my request works since the same data works with curl. What am I doing wrong?
I couldn't find the "Loopback way" to do this and I couldn't wait, so I just wrote a simple https Node call. I'll paste this in here but I won't accept it as the answer. I'm still hoping someone will provide the right answer.
let response;
const options = {
hostname: 'mystore.myshopify.com',
port: 443,
path: '/admin/orders.json',
method: 'GET',
auth: `${instance.api_key}:${instance.password}`
};
const req = https.request(options, (res) => {
res.setEncoding('utf8');
let body = '';
res.on('data', function(chunk) {
body += chunk;
});
res.on('end', function() {
let jsonResponse = JSON.parse(body);
// application logic goes here
response = 'ok';
});
});
req.on('error', (e) => {
response = e.message;
});
req.end();
Related
Total postman noob. I have a script (well I don't I am trying to) to do the drudge tasks of authentication and authorization which takes 2 requests:
console.log("START");
var authenticationToken;
// Identity token
var authenticationTokenRequest = {
url: 'xxxx',
method: 'POST',
timeout: 0,
header: {
"Content-Type": "application/x-www-form-urlencoded",
"Authorization": "Basic xxxxx="
},
body: {
mode: 'urlencoded',
urlencoded: [
{key: "grant_type", value: "password"},
{key:"username", value: "xxxxx"},
{key:"password", value: "xxxx"},
]}
};
pm.sendRequest(authenticationTokenRequest, function (err, res) {
**console.log("01 send first request body");**
var responseJson = res.json();
console.log(responseJson);
pm.environment.set('ACCESS_TOKEN', responseJson['access_token']);
authenticationToken = responseJson['access_token'];
});
**console.log("Authentication token local var: " + authenticationToken);
console.log("Authorization token env var: " + pm.environment.get('ACCESS_TOKEN'));**
var authorizationTokenRequest = {
url: "xxxx",
method: "POST",
header: {
"Content-Type": "application/json",
"Authorization": "Bearer " + authenticationToken,
"Accept": "application/xxx+json"
},
body:{
tenantId: "xxx",
deviceId: "xxx"
}
}
pm.sendRequest(authorizationTokenRequest, function (err, res) {
**console.log("02 second request call");**
var responseJson = res.json();
pm.environment.set('ACCESS_TOKEN', responseJson['access_token']);
});
//
When I run this and look at the console, the console messages of the local vars show undefined. The console message for the second request shows in console before the first request. The second request depends on a value from the first.
What am I doing wrong? Thanks
I implemented a twitter login authorizer and I put an API route as the callback.
The Lambda function evoked on that route is the following:
const loginTwitterCallback = async (e, context) => {
const fetch = (...args) =>
import("node-fetch").then(({ default: fetch }) => fetch(...args));
const state = e.queryStringParameters.state;
const code = e.queryStringParameters.code;
try {
await fetch(
"https://api.twitter.com/2/oauth2/token?code=" +
code +
"&grant_type=authorization_code&client_id=" +
process.env.TWITTER_CLIENT_ID +
"&code_verifier=jwqoijoiw&redirect_uri=" + MY REDIRECT URI,
{
method: "POST",
headers: {
"Content-type": "application/x-www-form-urlencoded",
},
}
)
.then((res) => {
return res.json();
})
.then(async (data) => {
const accessToken = data.access_token;
return {
headers: {
Location:
"http://127.0.0.1:3000/auth/social?type=twitter&access_token=" +
encodeURIComponent(accessToken),
},
body: null,
statusCode: 302,
};
});
} catch (err) {
console.log(err);
}
};
Basically the user should be re-routed to the front-end where another POST request will be made to the API which will make a request to the Twitter API with the Bearer token and update the database.
The point is, I'm not being redirected to the front-end in the first place and I don't understand how to fix it.
Thanks a lot in advance.
I've configured S3 with access only through CloudFront and protected with lambda executed on Viewer request. The problem is that I'm not able to access the files from SPA because of a failing preflight call.
When I removed the lambda function everything is starting to work. This is surprising to me because lambda is not modifying the request at all.
Here is my configuration:
S3:
CloudFront:
Lambda#Edge (executed at Viewer request)
exports.handler = async (event, context, callback) => {
let request;
let token;
try {
request = event.Records[0].cf.request;
const headers = request.headers;
const authorization = headers['authorization'][0];
const authorizationValue = authorization.value;
token = authorizationValue.substring(7);
} catch (error) {
console.error("Missing authorization header", error);
callback(null, missingAuthorizationHeaderResponse);
}
if (token) {
try {
if (!secret) {
secret = await getSecret();
}
jwt.verify(token, secret);
console.log("Token valid");
callback(null, request);
} catch (error) {
console.error("Token not valid", error);
callback(null, invalidTokenResponse);
}
} else {
console.error("Token not found");
callback(null, missingAuthorizationHeaderResponse);
}
};
I will be very grateful for help since I've spent a lot of time on this case, thanks!
The problem is that the preflight call are executed without any additional headers and in my case "authorization" header was missing and was generating 403. I found that by looking into logs of the lambda. I've added handling of options call to the lambda. Also I had to change s3 config to have the response with visible CORS headers.
Lambda Code:
const preflightCall = {
status: "204",
headers: {
'access-control-allow-origin': [{
key: 'Access-Control-Allow-Origin',
value: "*",
}],
'access-control-request-method': [{
key: 'Access-Control-Request-Method',
value: "PUT, GET, OPTIONS, DELETE",
}],
'access-control-allow-headers': [{
key: 'Access-Control-Allow-Headers',
value: "*",
}]
},
};
exports.handler = async (event, context, callback) => {
let request;
let token;
try {
request = event.Records[0].cf.request;
if(request.method === 'OPTIONS') {
console.log('preflight call');
callback(null, preflightCall);
return;
}
const headers = request.headers;
const authorization = headers['authorization'][0];
const authorizationValue = authorization.value;
token = authorizationValue.substring(7);
} catch (error) {
console.error("Missing authorization header", error);
callback(null, missingAuthorizationHeaderResponse);
}
if (token) {
try {
if (!secret) {
secret = await getSecret();
}
jwt.verify(token, secret);
console.log("Token valid");
callback(null, request);
} catch (error) {
console.error("Token not valid", error);
callback(null, invalidTokenResponse);
}
} else {
console.error("Token not found");
callback(null, missingAuthorizationHeaderResponse);
}
};
S3:
[
{
"AllowedHeaders": [
"Authorization"
],
"AllowedMethods": [
"GET",
"HEAD",
"DELETE",
"POST",
"PUT"
],
"AllowedOrigins": [
"*"
],
"ExposeHeaders": [
"Access-Control-Allow-Origin"
],
"MaxAgeSeconds": 3000
}
]
This is my JS code for the API
export const getUser = async (user) => {
//Working
const json = await fetch( "*****/username/getUser", {
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify({
user:user
}),
})
.then((res) => {
return res.json();
})
.catch((err) => {
console.log("Error in getUser: " + err);
});
return json;
};
Here is an attempt to make the request, which unfortunately return the authentication error.
fetchUser.request("kirolosM")
.then((result)=>{
console.log(result);
}).catch((err)=>{console.log("Error ",err);})
The error
{
"message": "Missing Authentication Token"
}
I have tested the API using postman and it is working as expexted.
Probably useful to compare the request sent from your json code to the one you're sending from postman. It looks like you need to include you auth token in your headers in your request.
Something like
export const getUser = async (user) => {
//Working
const json = await fetch( "*****/username/getUser", {
method: "POST",
headers: {
"Content-Type": "application/json",
"Authentication": `Bearer ${token}`
},
...
When I am running below send request from Postman - Tests, getting 400 bad request.
Could anyone tell me where I am wrong in sending the request?
let loginRequest = {
url: new_url,
method: 'POST',
headers: {
"Content-Type": "application/json",
"Authorization":autho
},
body: {
mode: 'raw',
raw:JSON.stringify({
"name":child_group,
"description":"Create Via RestAPI"
})}
};
// send request
pm.sendRequest(loginRequest, function (err, res) {
console.log(err ? err : res.text());
});
Error:
{ "message" : "Missing Authorization header."}
#Manish Katepallewar , this worked for me:
let loginRequest=
{
url:new_url,
method:'post',
header:
{
'Content-Type':'application/json',
'Authorization':autho
},
body:
{
mode:'raw',
raw:JSON.stringify(
{
'name':child_group,
'description':'Create Via RestAPI'
})
}
};
pm.sendRequest(loginRequest,function(err,res)
{
console.log(err?err:res.text());
});