CLI > Theme Dev > cart ajax 401

ceri_waters · January 27, 2026, 2:01pm

I have reproduced the issue on the latest CLI version.

Yes, I am on the latest version

I have searched existing posts and this report is not a duplicate.

Yes, this isn’t a duplicate

In which of these areas are you experiencing a problem?

Theme

Expected behavior

Cart Items should be added/updated/deleted

Actual behavior

When running shopify theme dev any requests made to the cart ajax API seem to result in a 401.

Reproduction steps

Download a theme i.e. Horizon
Run the CLI
Attempt to add a product to the basket
401 Error on XHR

Verbose output

N/A

Operating system

Windows 11

CLI version

3.89.0

Shell

Git Bash

Nodejs version

24.6

What language and version are you using in your application?

N/A

Josh-Shopify · January 27, 2026, 2:45pm

Hey @ceri_waters, thank you for flagging this! Could I get some verbose logs from you? I’ll send you a DM so you can send it that way.

Gray-Shopify · January 27, 2026, 5:31pm

This might be the same as these two threads:

Nic_Oliver · January 27, 2026, 8:07pm

Also experiencing this.

Since it’s a 401, it may be worth mentioning that we are using SHOPIFY_CLI_THEME_TOKEN env var in development.

maxisergio · January 28, 2026, 8:25am

I am having the same problem. I updated yesterday to the 3.89.0 version and now when I try add to cart in my local with Shopify theme dev, I ve POST 401 /cart/add

Federico_Giampietro · January 28, 2026, 10:07am

same here - updated to 3.89.0 and i’m getting 401 on POST cart/add, but with previous versions (including 3.89.0) i’m also randomly getting 429 with GET /cart, even if there is a single call on the endpoint.

at current state it’s impossible to work on the local environment which means it’s blocking all development to whatever impacts on the cart!

Donal-Shopify · January 28, 2026, 11:12am

Thanks for the context folks - I can reproduce this on 3.89.0. The 401 on cart AJAX endpoints (/cart/add.js, etc.) when running shopify theme dev.

I’ve raised this with the CLI team internally. In the meantime, rolling back to 3.88.0 should get you unblocked:

npm install -g @shopify/cli@3.88.0

I’ll update this thread once I’ve an update to share from the CLI team - thanks again for flagging!

ConduciveMammal · January 28, 2026, 11:49am

I’ve been experiencing this as well.

Interestingly, the issue occurred after updating the 3.89.0, but even when downgrading several versions, the issue isn’t resolved for me.

This seems to be affecting all endpoints. My store, by default set to GBP, is currently defaulting to US currency. In the store’s cookies, localization is setting itself to US and cart_currency is setting to USD even after clearing cookies and data.

When on the storefront, if I use the country selector to change the market, I also get the 401 Unauthorized error, the browser won’t even load the page and tries to navigate to http://127.0.0.1:9292/localization.

Lewis · January 28, 2026, 2:02pm

Also seeing the 401 response on any calls to cart based endpoints. Also on 3.89.0 CLI.

Can also replicate @ConduciveMammal ‘s comments about the localisation issue.

ConduciveMammal · January 28, 2026, 2:12pm

It seems to kind of work when using the --verbose flag.

I can now add to cart again but it’s still stuck in the US market. Now if I try to change the market, it directs to this URL: http://127.0.0.1:9292/localization?language_code=en&shpxid=e6a7d728-dae8-4786-a4df-1f3742d06941 and crashes with a 307 Too Many Redirects error.

devenini · January 28, 2026, 2:40pm

Same issue for me on 3.89.0

mrkaluzny · January 30, 2026, 11:30am

I’m also seeing 401 on login requests (similar to this issue from 2023).

Details:

Used to work, but stopped recently
Tested on CLI versions 3.89.0 and 3.88.0, same issue on both
Disabling CAPTCHA still returns 401

@Liam-Shopify forwarded to the login issue to the CLI team, I couldn’t find any additional news

Logs details:

2026-01-30T11:28:18.045Z: → Rendering /account/login?_fd=0&pb=0…
2026-01-30T11:28:18.691Z: ← 200 (request_id: c1a1f4e4-221e-4846-953c-e88a9d9b9be7-1769772498)
• 11:28:18 Request »    GET 200 /account/login 590ms
• 11:28:29 Request »   POST 401 /account/login 432ms```

MaxX · January 30, 2026, 1:52pm

Same problem on 3.89.0 & 3.90.0 : 401 on cart ajax endpoints (add.js, update.js, …)

Revert to 3.88.1 works fine.

jakeshw · January 31, 2026, 4:51pm

Same issue. CLI v3.89.0. Something is broken on the local dev server. Works fine on the shopify theme preview url, but not my local preview dev server. I uninstalled 3.89.0 and reinstalled @3.88.1 and gtg. Thanks!

PeterParker · February 1, 2026, 4:57pm

I’ve upgraded to version 3.90.0, and even downgraded to 3.88.0, but I’m still experiencing issues with the Cart API

POST http://127.0.0.1:9999/cart/change 401 (Unauthorized)

Donal-Shopify · February 3, 2026, 11:00am

Thanks for the continued patience on this one folks! The team is actively looking into this behavior with the 401s on cart endpoints, in particular with 3.89.0 but I’ve also passed on how downgrading hasn’t always resolved for everyone.

In the meantime, you should be able to get unblocked by using the preview URL instead of localhost for your development loop, or by downgrading to CLI 3.88.0 if you strictly need the local server (this has worked for many, but not everybody who tried it).

I’ll drop another note here once I have more news to share from the team on the fix.

ConduciveMammal · February 3, 2026, 12:37pm

On another store - a weird new symptom I’m seeing is that every product is marked as Sold Out, on the preview URL, the products show correctly as in stock.

Rene_Roth · February 3, 2026, 3:46pm

version 3.89.0 breaks this; working fine up until and including version 3.88.1

James_Auble · February 3, 2026, 8:56pm

Wow. Okay glad i’m not alone. Getting 401 for /cart on version 3.89 and 3.9. Also getting all that noise about CORS issues with the /collect request. Super annoying.

JSMcAvady · February 3, 2026, 8:58pm

Reported the same thing in another thread, facing the same issue, did try the

“http://127.0.0.1:9292/cart/32660962476113:1?storefront=true” to test the end point to add a product, that also did not work.

broken for me in CLI at version:

/cli/3.90.0 win32-x64 node-v25.2.1

This is the response I get from the browser console

Request URL
http://127.0.0.1:9292/cart/add
Request Method
POST
Status Code
401 Unauthorized
Remote Address
127.0.0.1:9292
Referrer Policy
strict-origin-when-cross-origin

Not sure if related or not.

Request URL
https://site.myshopify.com/api/collect
Request Method
OPTIONS
Status Code
404 Not Found
Remote Address
23.227.38.74:443
Referrer Policy
strict-origin-when-cross-origin

Logged out of CLI and back in, this was not a fix. Hope some of that is helpful

Topic		Replies	Views
Limit AJAX Cart API Online Store and Theme Development ajax-api , cli-themes	3	55	December 9, 2025
[API] Service is not valid for authentication Online Store and Theme Development theme-troubleshootin	11	618	March 27, 2025
You are not authorized to use the CLI to develop in the provided store: Shopify CLI and Libraries theme-commands	1	59	December 29, 2025
Shopify Theme Dev - 502 Error - Failed to perform theme synchronization Shopify CLI and Libraries theme-commands	16	338	December 5, 2025
Intermittent 429 errors when using `shopify theme dev` Shopify CLI and Libraries theme-commands	5	280	November 14, 2025