Shopify Oauth

.env.example

API_KEY=yourAppsApiKey
API_SECRET_KEY=yourAppsSecretKey
REDIRECT_URI=https://a6a6711f5250.ngrok.io/auth/callback # must match whitelisted redirect
SHOP_NAME=your-shopify-shop-name

index.js

import fetch from 'node-fetch';
import { OAuth2 } from 'oauth';
require('dotenv').config();

const consumerKey = process.env.API_KEY;
const consumerSecret = process.env.API_SECRET_KEY;
const oauth2 = new OAuth2(
  consumerKey,
  consumerSecret,
  `https://${process.env.SHOP_NAME}.myshopify.com/admin/oauth`,
  '/authorize',
  '/access_token',
  null
);
const authURL = oauth2.getAuthorizeUrl({
  redirect_uri: 'https://88a049f9179c.ngrok.io/auth/callback',
  scope: 'read_products,write_products',
  state: '1',
});

// go to the authURL logged out in the next line
// and copy the code from the query parameter in the redirect URI
// for example, in https://88a049f9179c.ngrok.io/auth/callback?code=586d5755c01bc98fab77bf78e4e975b5
// we need 586d5755c01bc98fab77bf78e4e975b5
console.log({ authURL });
const code = '586d5755c01bc98fab77bf78e4e975b5'; // can only be used once

const data = oauth2.getOAuthAccessToken(code, { redirect_uri: process.env.REDIRECT_URI }, function (
  e,
  access_token,
  refresh_token,
  results
) {
  // since `code` can be only used once, save the access_token somewhere
  console.log({ e, access_token, refresh_token, results });

  fetch(`https://${process.env.SHOP_NAME}.myshopify.com/admin/products.json`, {
    headers: {
      'X-Shopify-Access-Token': access_token,
    },
  })
    .then(res => res.json)
    .then(_data => console.log(_data));
});

fetch(`https://${process.env.SHOP_NAME}.myshopify.com/admin/products.json`, {
  headers: {
    'X-Shopify-Access-Token': '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',
  },
})
  .then(res => res.json())
  .then(_data => console.log(_data));