Shopify Developer Community Forums

Authenticate External Request in Embedded App

Authentication & Access

LT-Jed September 4, 2025, 6:22pm 1

I have a remix embedded app that provides UI to the user however I also want to allow POST requests from a external source onto one of the embedded app routes.

I got a access token from running on a page in my embedded app:

const { session } = await authenticate.admin(request);
const accessToken = session.accessToken;

To my understanding this value is an offline access token for that specific store and my app.

I then took that value of “shpat_xxxxxxxxxxxxxxx” and passed it as the value of the “x-shopify-access-token” header on the external POST request.

However, when that external post request comes through and it reaches:

const { admin } = await authenticate.admin(request);

It is failing to authenticate and attempting to redirect to /auth/login.

What am I missing? Is this not the way to authenticate a external request?

KyleG-Shopify September 4, 2025, 8:01pm 2

I would suggest taking a look at our authentication documentation. This covers the different authentication patterns for different use cases.

In particular, review the sections on session tokens, token exchange, and the differences between online and offline access tokens to understand the different authentication flows.

Topic		Replies	Views	Activity
Session Tokens And 401 Error Shopify CLI and Libraries remix	4	147	June 9, 2025
Authenticating the Admin UI with my external service Authentication & Access oauth	2	22	August 21, 2025
How can I use Oauth to Authenticate an app in my backend API GraphQL Admin API Troubleshooting general-gql-troubles	1	48	March 24, 2025
validateAuthenticatedSession for a request sent from non embedded app admin action extension Partner Discussions app-store	0	17	February 13, 2025
How to authenticate request with session tokens manually? Authentication & Access oauth	5	207	January 15, 2025