Configuring refresh token setting in Shopify GraphQL Connection

The details of creating a GraphQL connection have already been documented. This article demonstrates how to create a Shopify GraphQL connection with refresh token settings.

The headers required to run any successful Shopify GraphQL query are:

1. Content-Type : application/json
2. X-Shopify-Access-Token : <Admin API access token>

The first header (Content-Type) is stationary can be entered directly as 'name' and 'value' pair. The second header is an access token and is required for the authentication of any query. Hence, the appropriate authentication type to choose on Celigo Connector page is "Token" (highlighted in yellow in the sample image below).

For 'Token' type authentication, the access token needs to be entered in the 'Token' field . The access token, Admin API access token in this case, is issued by Shopify Store to the App through which the Store data needs to be queried. It can be found under the 'API credentials' tab of the Shopify custom app (as shown in the sample image below):

But this Admin API access token can only be viewed only once. And in Celigo, the access token needs to be re-entered every time the connection is to be updated.

Note: Since GraphQL Admin API URL requires API version in it's endpoint, the URL string in Celigo connection is ought to be kept up-to-date with most recent stable API version. Hence the connection might be edited/updated every time new stable API version is released. It is not possible for a user to have the Admin API access token when updating the GraphQL connection every time. Hence it is not viable to use Admin API access token directly.

A better alternative to direct use of Admin API access token will be to a delegate access token which is refreshable and can be dynamically generated. This will exempt users from the necessity of re-entering correct access token while updating the connection. Any random string can be entered in Token field and 'Refresh Token' configuration will generate a new delegate token when met with 401 unauthorized error in API request. The importance and details of Shopify delegate access token can be found here. The documentation detailing the creation of delegate access token can be found here .

The headers required to generate the delegate access token are the same as the ones required for GraphQL query; 'Content-Type' and 'X-Shopify-Access-Token'. However, these headers, especially 'X-Shopify-Access-Token', will not need to be re-entered while updating the connection in future.

The delegate access token can be generated using both GraphQL and REST API. Since 'HTTP request body' in the 'Configure Refresh Token' setting only accepts JSON format we will use REST API URL to generate the delegate access token. The refresh token configurations can be found in the image below:

Note: Since the request body type in the main connection is GraphQL and in the refresh token configuration is JSON, we need to override the main connection media type with JSON. Hence the Override media type needs to be JSON.

The request body to create delegate access token can be found in the image below:

Note: The access scopes will define the functionality of the Celigo Connection authenticated using the delegate token. e.g. If the Celigo Connection is to be used to read, write products in Shopify then corresponding scopes must be included in the request body of the delegate token. These have to be a subset of the access scope detailed in the Shopify Custom App through which Store data will be queried (detailed in the sample image below):

Finally, to test this connection, the sample query required can be found in the sample image below:

Note : In order to avoid any potential connection testing issues, it might be ideal to query data that is being allowed to query by the Shopify Custom App access scopes and the delegate token access scopes .