Shopify API With Postman Chrome App

- 1 answer

I am using Shopify API through the Postman Chrome app. I have used OAuth 2.0 and have an authorization code to which I am passing in the header with API call.

Now If I am logged into my Shopify store in Chrome, and enabled a Postman plugin named "Intercepter" and no access code in the header then also I receive response else not.

I am confused now that what is the use of access token passed in the header if I can access response without it.

I am performing GET API call. Please Help.



Using an API key has the primary advantage of being more portable- while you may be able to access the API endpoints via your logged in browser session, you wouldn't want to be using browser sessions for authentication from within a real application.

Also, from experience, I can tell you that some of the API behavior from browser-session based authentication is different from the behavior when using an API key. For example, requesting the following with your browser session:

will return an HTML response (despite the .json) containing search results. This API is only used internally by the Shopify admin, and not available when using an API key.