We’re using this route: https://shopify.com/authentication/{store_id}/oauth/token to fetch tokens via the Headless app, as per this documentation. This worked fine for the last ~year, but suddenly this morning at 10AM this endpoint started returning 301 permanent redirects for every request. Nothing has changed on our end, and I’ve double checked that our tokens are still active and the store ID hasn’t somehow changed.
Anyone else experiencing anything similar? This is currently breaking our custom account portal for all logged in customers.
Hey @Sean_Denny - would you happen to have any X-Request-ID values available from the Response Header for examples of where you’re seeing the 301 responses?
I can definitely take a look at our logs to investigate further for you.
@Alan_G I don’t have an X-Request-ID, I’m guessing because this is being caught by Cloudflare. Here are the headers I do have (with our store ID scrubbed), do these help?
Response: <html>\r\n<head><title>301 Moved Permanently</title></head>\r\n<body>\r\n<center><h1>301 Moved Permanently</h1></center>\r\n<hr><center>cloudflare</center>\r\n</body>\r\n</html>\r\n
Hey @Sean_Denny - thanks for sending that my way. I was just doing some digging, and I think one of my colleagues and I were helping out your Merchant Success Manager behind the scenes with this a bit as well.
Did you end up resolving this by enforcing HTTPS on the token fetch route by any chance?
Just wanted to mention that here in case anyone else runs into the issue and stumbles across this thread on the future.
Yes, we were previously using the HTTP route, and I’m guessing there was a change on Tuesday that enforced HTTPS for this route. Switching over to HTTPS was the solution.
- would you happen to have any X-Request-ID values available from the Response Header for examples of where you’re seeing the 301 responses?