How I can get SHOP_MINI_TOKEN in this api call? I tried with SHOP_MINIS_API_KEY that I get from start (npx shop-minis setup), but it doesnt work, the api return “TOKEN_INVALID: Token invalid”. My edge function was deployed both local and public of supabase
Anyone can help me?
curl -X POST https://YOUR_PROJECT.supabase.co/functions/v1/auth \
-H “Authorization: Bearer YOUR_SHOP_MINI_TOKEN” \
-H “Content-Type: application/json”
you can review the supabase documentation on github - shop-minis/supabase at main · Shopify/shop-minis · GitHub
Looking at your issue, the SHOP_MINI_TOKEN in that curl command should be the user’s authentication
token from the Shop app, not the SHOP_MINIS_API_KEY.
Here’s how we resolved this:
const { generateUserToken } = useGenerateUserToken()
// Generate token when calling your Supabase function
const token = await generateUserToken()
// Then use it in your API call
const response = await fetch(‘https://YOUR_PROJECT.supabase.co/functions/v1/auth’, {
method: ‘POST’,
headers: {
‘Authorization’: Bearer ${token},
‘Content-Type’: ‘application/json’
},
body: JSON.stringify({ /* your data */ })
})
const shopifyApiKey = Deno.env.get(‘SHOPIFY_API_KEY’) // Your SHOP_MINIS_API_KEY
const shopifyApiUrl = ‘https://shop-minis-platform-api.myshopifyapps.com/v1/user-tokens/verify’
// Verify the token with Shopify
const verifyResponse = await fetch(shopifyApiUrl, {
method: ‘POST’,
headers: {
‘Authorization’: Bearer ${shopifyApiKey},
‘Content-Type’: ‘application/json’
},
body: JSON.stringify({ token: userToken })
})
The key insight: SHOP_MINIS_API_KEY is for server-to-server communication with Shopify’s API, while the
user token from generateUserToken() is for authenticating individual users.
Oh thank you for detailed answers. So I think mini token will get from generateUserToken. I think it can get when we use from app simulator. Can we get the token and add to postman to test?
no you can only test it within the shop mini app simulator.
hi @hung , you need to pass the token that was generated for the user with the useGenerateToken to your server. You can send it the way you want, but in our docs we recommend using an HTTP header.
Then, in your server, you need to call the userTokenVerify mutation. In this mutation, you will send the user’s token in the token argument.
But also, to call any endpoint in the Shop Minis Admin API, you need to authenticate the request so that we know that it’s your mini. To do that, you need to use your Minis API Key as the Authorization bearer. Check the Shop Minis Admin API docs
curl -X POST \
https://server.shop.app/minis/admin-api/alpha/graphql.json \
-H 'Content-Type: application/graphql' \
-H 'Authorization: Bearer <shop-minis-admin-api-key>' \
-d '{your_query}'
@Quique-Shopify Thanks for the detailed instructions. I already managed to solve it
@mehdi7 @Quique-Shopify Hi guys, my app work well with Supabase local functions, but not work with production Supabase functions. It always show “Load failed”. I was think it is cors issue but nothing changed after some adjust. I also added supabase backend url to trust domain in manifest. Do you have any idea to solve this issue? Again, thank you so much.
Hi @hung it could be 1) missing environment variables such as secrets. 2) the url’s check if you hardcoded
Thanks for support me. The prod api still work with curl call but not work in the app. I am still debug