Home/ Questions/Q 8581335
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-11T21:01:21+00:00

I am starting to develop a Shopify integration. The app that I am trying

  • 0

I am starting to develop a Shopify integration. The app that I am
trying to integrate has a different subdomain per user account, and so
will need to redirect to a different callback domain for each oauth
connection request. So far I am redirecting to the Shopify authorise
URL to allow the user to grant access to their account. However, I get
an error response of:

{"error":"invalid_request",
 "error_description":"The redirect_uri and application url must have matching hosts"}

The URL is of the form:

https://SHOP_NAME.myshopify.com/admin/oauth/authorize?client_id=MY_CLIENT_ID&scope=read_order&redirect_uri=SUBDOMAIN.MYAPP.com

I have tried setting the application URL (set in the admin page in
Shopify) to all of these and receive the same error:

http://MYAPP.com
http://.MYAPP.com
http://*.MYAPP.com

However, I can get it to work with:

http://SUBDOMAIN.MYAPP.com

I can create an endpoint that just takes information from the query
string, and redirects to the subdomain, for example:

callback.MYAPP.com?subdomain=SUBDOMAIN

Which would work around this, but I would rather that the Shopify API
supported subdomains since I would like to also create links in the
Shopify pages into my app, and would rather not have to keep building
these levels of indirection. (Although, looking at the admin page for
the application links, it looks like I will have to do the same there
too.)

I am using a non-standard TLD (since this is currently in
development). So where I’ve put MYAPP.com it’s really oh.dev, however
I have tried using a .com by editing my hosts file, with the same
results.

Does anyone know how to get Shopify to accept a subdomain as a
callback_url? Have I missed something obvious?

Here’s some Clojure code:

(require '[com.twinql.clojure.http :as http] '[clojure.contrib.logging :as log])

(defn consumer []
  {:key "1234567890"
   :secret "1234567890abcde"})

(defn shopify-config [shop-name]
  {:request-token-url (str "https://" shop-name ".myshopify.com/admin/oauth/authorize")
   :authorise-url (str "https://" shop-name ".myshopify.com/admin/oauth/authorize")
   :access-token-url (str "https://" shop-name ".myshopify.com/admin/oauth/access_token")
   :api-endpoint-url (str "https://" shop-name ".myshopify.com")})

(defn get-redirect-url [shop-name callback-url]
  (let [{consumer-token :key consumer-token-secret :secret} (consumer)]
    (str (-> shop-name shopify-config :request-token-url)
         "?client_id=" consumer-token
         "&scope=read_orders,read_products,read_customers"
         "&redirect_uri=" callback-url)))

(defn get-access-credentials [verifier shop-name]
  (let [{:keys [key secret]} (consumer)
        response (http/post (-> shop-name shopify-config :access-token-url)
                            :as :json
                            :query {"client_id" key
                                    "client_secret" secret
                                    "code" verifier})]
    (log/debug (str "response from getting access credentials from shopify : " response))
    {:access-token (-> response :content :access_token)
     :consumer-key key
     :consumer-secret secret}))

(def methods {:get http/get
              :post http/post
              :delete http/delete
              :put http/put})

(defn- make-request [method shop-name url token params]
  (let [response (method (str (-> shop-name shopify-config :api-endpoint-url) url)
                         :as :json
                         :query params
                         :headers {"X-Shopify-Access-Token" token})]
    (if (-> response :code (= 200))
      (:content response)
      (do
        (log/error (str "Error in shopify request : " response))
        (throw (Err. {:handle :shopify-request-error
                      :response response}))))))

(defn get-products [shop-name token page]
  (make-request (:get methods) shop-name "/admin/products.json" token {:page page :limit 200}))

Also, there is some code that gets things like the shop-name from the
user, and stores it in the DB and so on. So we basically call
get-redirect-url to redirect the user to shopify, and get them to
approve the permissions. The callback-url that we pass to Shopify is
something like:

http://customer1.oh.dev/integrations/shopify/1/callback

Which then takes the code provided and calls get-access-credentials.
The surrounding code stores the access-token, etc that we return. Then
there is an other user action that will call get-products, after
retrieving the token & shop-name.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    If you set the application URL to http://myapp.com you should be able to specify the redirect_uri=http://domain.myapp.com, is this what you are doing? Can you post the code you are using to make the oauth request?

    • 0