I’m developing a Shop Mini that makes fetch requests to a custom backend.
The requests include the Shopify session token in the headers, but the server responds with 403 Forbidden.
The domain is listed under trusted_domains.
I also include my SHOP_MINIS_API_KEY in every request.
This started happening today, February 12, after updating the SDK. I’m not sure if it’s related to the new consent requirement in apps, but it was working for me until yesterday.
Just to make sure I understand: you are making a request from your Mini to your backend and it recently started failing with a 403. I’m not sure how your backend authenticates so I’m not sure how our changes might have affected you. Can you tell me a bit more about your authenication?
Also, it was not completely clear from your message but just in case: the API key is meant to be stored on your backend and must not be included in your Mini
Yes, I simply use it to submit the application; it’s also handled on the backend side. However, my requests suddenly stopped working due to the 403 error. I’ve heard it might be something related to permissions, but I haven’t been able to figure out why.
Hi @Jorge_Eliecer_Munoz . Does this issue still occur and does it occur only during development? The Infinite Color Search seems to be working fine in production at the moment.
