How to authenticate a session token API request coming from a customer account UI extension?

Hello,

I am making a server API call directly using the session token in a customer account UI extension.
When I try to verify the API request, I am getting "Signature has expired".
This is the Ruby code I am using:

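def verify_session_token
  # Strip the "Bearer " prefix; to_s guards against a missing Authorization header
  session_token = request.headers['Authorization'].to_s.sub(/\ABearer /, '')

  begin
    payload = JWT.decode(
      session_token,
      ENV["SHOPIFY_API_SECRET"],
      true,
      {
        algorithms: ['HS256'],
        aud: ENV["SHOPIFY_API_KEY"],
        verify_aud: true, # ruby-jwt only checks aud when verify_aud is set
        leeway: 10
      }
    ).first
  rescue JWT::DecodeError => e
    # JWT::ExpiredSignature ("Signature has expired") is a JWT::DecodeError
    Rails.logger.error("Invalid Token: #{e.message}")
    # Reject the request (assumes this method runs as a controller before_action)
    head :unauthorized
  end
end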

Any thoughts?

Thank you!

Just to check, are you calling get on the session token each time you're making an API request, so you don’t get cached ones? :thinking:


Thank you, @JordanFinners

// Before

const [token, setToken] = useState<string | null>(null);
useEffect(() => {
  async function getToken() {
    const token = await sessionToken.get();
    console.log('Token:', token);
    setToken(token);
  }
  getToken();
}, [sessionToken]);

const response = await fetch(serverUrl, {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${token}`,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify(data)
});

// After

const token = await sessionToken.get();
const response = await fetch(serverUrl, {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${token}`,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify(data)
});
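
An added example (not from the thread or from Shopify): a standard-library stand-in for the `JWT.decode` call above that returns a distinct reason for each failure, so a token cached on the client shows up as an expiry error rather than a signature or audience error. The secret, API key, timestamps and 60-second lifetime are constructed values, and `sign_token` and `check_token` are hypothetical helper names.

```ruby
require 'openssl'
require 'json'

# Constructed sample values, not real Shopify credentials.
SECRET  = 'constructed-app-secret'
API_KEY = 'constructed-api-key'

def b64url(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(str)
  (str.tr('-_', '+/') + '=' * (-str.length % 4)).unpack1('m0')
end

# Demo helper: builds an HS256 token, standing in for what sessionToken.get() returns.
def sign_token(claims, secret)
  input = "#{b64url({ alg: 'HS256', typ: 'JWT' }.to_json)}.#{b64url(claims.to_json)}"
  "#{input}.#{b64url(OpenSSL::HMAC.digest('SHA256', secret, input))}"
end

# Returns [:ok, claims] or [reason, nil] so a stale token is distinguishable from a forged one.
def check_token(token, secret:, aud:, now: Time.now.to_i, leeway: 10)
  parts = token.to_s.split('.', -1)
  return [:malformed, nil] unless parts.length == 3
  head, body, sig = parts
  header = JSON.parse(b64url_decode(head))
  return [:bad_algorithm, nil] unless header.is_a?(Hash) && header['alg'] == 'HS256'
  expected = b64url(OpenSSL::HMAC.digest('SHA256', secret, "#{head}.#{body}"))
  # Verify the signature (constant-time) before trusting any claim.
  return [:bad_signature, nil] unless OpenSSL.secure_compare(expected, sig)
  claims = JSON.parse(b64url_decode(body))
  return [:malformed, nil]      unless claims.is_a?(Hash)
  return [:expired, nil]        unless claims['exp'].is_a?(Integer) && now < claims['exp'] + leeway
  return [:not_yet_valid, nil]  if claims['nbf'].is_a?(Integer) && now < claims['nbf'] - leeway
  return [:wrong_audience, nil] unless Array(claims['aud']).include?(aud)
  [:ok, claims]
rescue JSON::ParserError, ArgumentError
  [:malformed, nil]
end

# A token fetched once and reused later, as in the "Before" component.
issued = 1_700_000_000
cached = sign_token({ 'aud' => API_KEY, 'exp' => issued + 60, 'nbf' => issued }, SECRET)
p check_token(cached, secret: SECRET, aud: API_KEY, now: issued + 5).first    # sent right away
p check_token(cached, secret: SECRET, aud: API_KEY, now: issued + 300).first  # reused minutes later
```

Logging the reason separately on the server makes it clear when the fix belongs in the client (fetch a fresh token per request) rather than in the secret or audience configuration.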