App Not Opening in Production After Token Refresh - App Proxy 401 Errors

Shopify App Store
1

Hi Shopify Support Team,

We’re following up on our security incident (Ticket #0d2b4207-c525-4c0d-9afb-6f031afa2711) where we were required to rotate API credentials and refresh access tokens.

What We’ve Completed:

  • :white_check_mark: Generated new API credentials (client_secret)

  • :white_check_mark: Removed old API credentials

  • :white_check_mark: Refreshed access tokens for our merchant base (~91% success rate)

  • :white_check_mark: Updated offline access tokens specifically

  • :white_check_mark: Updated all environment variables in our hosting

Current Problem:

After completing the token refresh process, merchants cannot open the app in production. The app runs successfully in our local development environment, but in production we’re seeing 401 Unauthorized errors related to App Proxy in our logs.

Error Details:

  • Error: 401 Unauthorized - App Proxy

  • Frequency: Intermittent (affecting some stores, not all)

  • Pattern: No clear correlation with which stores had successful token refresh

Our Questions:

  1. Is the app being unlisted/unpublished causing this issue? Or is this a separate technical problem?

  2. Does the App Proxy require specific reconfiguration after credential rotation? We’ve updated tokens but the proxy authentication is still failing.

  3. Do we need to handle offline vs online tokens differently for App Proxy requests?

  4. Is there a propagation delay or caching issue that could be causing intermittent 401 errors after token refresh?

Why This is Urgent:

We need to understand if this is blocking republication of our app, or if it’s a separate technical issue we need to resolve. Our merchants currently cannot access the app, and we want to ensure we’re addressing the right problem before requesting republication.

Technical Setup:

  • Framework: Remix (Shopify official template)

  • Hosting: Fly.io

  • Using: @shopify/shopify-app-remix for authentication

  • Features: Embedded admin app + App Proxy for storefront

Could you please help us understand:

  • Whether the unlisted status is related to this issue

  • What specific steps we need to take to resolve the App Proxy 401 errors

  • Any diagnostics or logs we should review

Thank you for your guidance.

Best regards,

2

Hi @Julian_Bischoff1

Is this issue occasional when some merchants open their apps, or do some merchants consistently experience 401 problems?