Month: October 2014

Headers sent but not received by Application, Shopify and Restful API’s

I was tasked with creating a service (app) that would interact with the ShopifyAPI.

To create the service the flow would be:

  1. Authenticate (Oauth)
  2. Register the Service with callback url
  3. Return relevant data when Shopify makes the external call (webhook)

This is the first time I had worked with Oauth and a Restful API. What I didn’t know was that the header information¬†of HTTP requests often contain important information so we need to be able to get and set these values in our application development.

Furthermore for testing purposes I initially had to use curl as the client making the calls to the API. This was unintuitive in terms of setting headers and everything and then viewing and checking the response. That is when a senior developer advised that the use of a REstful client from within your browser should be used, he advised the use of Postman: a restful Client.

With postman you can easily and intuitively set the HTTP payload (often JSON) and header information. The webhook coming from Shopify will send the following header:

HTTP_X_SHOPIFY_SHOP_DOMAIN

To identity the shop. Now to test this request with Postman, I added a header and typed in exactly that:

HTTP_X_SHOPIFY_SHOP_DOMAIN = "myshop.myshopify.com"

But an error was that the header was never sent to the application. What was going wrong?

Well I know it was being sent by checking the network tab of the developer tools. But it was not being received (or was being parsed or mutated) by either apache or php.

Eventually I found out that apache does not accept “_” underscores in HTTP headers. It will remove them, however it will convert dashes to underscores. So the header should have looked like this:

HTTP-X-SHOPIFY-SHOP-DOMAIN = "myshop.myshopify.com"

The full reason behind this can be found here: Why underscores are forbidden in HTTP header names