When the app review team uninstall and reinstall my app with their automated tools, they are getting an error because the uninstall webhook has not yet triggered the delayed job to delete the Shop record. I think that's then tripping up the install process because it is finding the old shop record with an invalid access token.
I've been advised that:
You should not be relying on an uninstalled webhook to determine a shop's status with your app. instead, each time a shop hits your app,
you should make a request to your server to first determine if the
access token you have for them is valid (if so, they have your app
installed - if not, redirect to OAuth) and then from there check for a
valid charge ID using the billing API (if not, redirect to billing
page).
How should I check the api key validity? When the app is installed they are redirected through splash page, so I need to somehow know if it's a new install and if it is, check the access token somehow?
It's really hard to tell what's wrong without knowing your architecture or request auth flow, so the solution could be somewhere else. Embedded apps redirect to shopify domain where Shopify checks if app URL is added to the store. If not it will return "There is no page at this address".
Answering your question -> the easiest way would be to make an API to /admin/shop.json request and see if you get a 401.
Related
I have created an App in https://developers.facebook.com/apps and I have one Facebook page, in that I have created ads and I got some leads, those leads I can see in Leads Center in respective page.
So I need to retrieve this Leads into my server.
When I run this below API in browser excel file is downloading directly and I can see all my leads in that file https://www.facebook.com/ads/lead_gen/export_csv/?id=XXXXXXXXXXXXX&type=form.
By using my App(which I created in developer) done some setting and I created webhook for user,pages and permission, in permission I can see lead_retrival, ad_reads and I have tested, those tested leads are coming into my server by given webhook URL.
But how can I get my actual leads which is in Lead Center belongs to my page and is there any APIs are available ?
Is APP review necessary to retrieve leads from form or any other option(I tried Zapier but that is not I am looking for).
what I tried:
I am working on my server so I went through with this link PHP cURL to verify Facebook API login access_token on server?, and created all access tokens by my app and I am getting Success. Login is valid
then I did not understand next what I have to do.
Can any one help on it please?
Thanks
Sandeep
My purpose is to automate (as buyer) login into PayPal Sandbox(1) and confirm payment(2) using REST requests (with Postman) after being redirected from third-party payment service.
From there a got a link like: https://www.sandbox.paypal.com/cgi-bin/webscr?cmd=_express-checkout&token=EC-5AU897953H105581R
I have login and password for buyer account.
I was able to import request from devtools network and it leads me to confirm form, but I cannot make it generic. I found out that the minimum body values are (on screen), but there are some changes in cookies at headers. I am not sure if my approach is even correct. Do you have any ideas?
If you find out the first very easily, maybe you will also have some tips for confirming payment.
I already searched a lot for answers. There are some instructions for sandbox API, but it looks like it needs clientId and secret(?). See those on the PayPal Sandbox development page, but I do not have credentials for dev dashboard, only for my test customer.
I've implemented embed app installation process and got access token for shop on backend. How do i supposed to authenticate user when he open the app now? There is no shop name and hmac in query string when user open my app.
When you get a token back, for a shop, you are supposed to store that token in your persistence layer so you can re-use it, and to start a session. Whenever Shopify sends a request to your app they include the shop name so you can look it up and get the token and start a session. Requests without a shop name and no session spell re-authentication time.
Are you missing the part about starting a session? If someone is trying to access your App without authenticating, you need to block that access obviously. The tricky thing is ensuring all requests from your App to your App include the shop name so that if the session you started expires, you have a chance of re-authenticating one.
I am in the process of updating my Shopify App with new Permissions. This means there is a change in the authourize_url which would show up the permissions window when trying to install an app. I have also changed the redirect URL of the App. The App is currently listed in Shopify, and there are accounts using the App.
How would this change affect the current App Installs?
How do I go about this without having any downtime or manually asking Customers to uninstall and reinstall the App again?
What is the best way to handle such scenario?
You change the scopes. Your customers will therefore all have unauthorized oAuth tokens. The next time they try and use the App with the new scopes, your App will create a new oAuth token for their access as Shopify will prompt them to accept your new scopes.
It seems like pain, but it is the only way to go.
I'm new to shopify app development and trying to build a shopify app with node and followed this post here. Everything worked as explained, but I have things to get clarified, may be very basic things.
My question is where to specify the link that's directed when shop owner select my app from the installed apps list of the shop?
As I understood from the post above App URL given in the App info section of the app is used for installation process and from there it's redirected to one of the Whitelisted redirection URL(s) as defined in the app for HMAC validation and exchanging a permanent access token to access the shops' admin API later.
Now Once my test-app is installed to a shop and when the app is selected from the installed apps list, the request again goes to the App URL and get redirected to callback URL generating a new access token. If this is how it is supposed to be, why it's called a permanent access token and need to be stored? If this not how it should be how to specify a url to direct when the app is selected from the installed app list?
In Short
where to define the url to direct when a shop admin select the app from is installed apps section of the shop like shown below.
After install the HMAC validation and temp code is just to get the permanent token, which you should then store securely in a database.
You don't have to show any of that process to the user using your app; you can have it happen in the background and then redirect to whatever route you like after you have the permanent token.