Empty response when requesting permanent access token from Shopify OAuth flow

miar · July 1, 2025, 9:53am

I’m building a Rails application that integrates with Shopify and I’m having trouble with the OAuth authentication process. After following the official documentation, I’m stuck at the point where I need to exchange the authorization code for a permanent access token.

When I make a POST request to the OAuth access token endpoint with the required parameters (client_id, client_secret, and code), I get a 200 status response but the body is completely empty. There are no headers returned either.

Here’s my current implementation:

http_client = Net::HTTP.new("https://#{store_name.strip}")
token_request = Net::HTTP::Post.new("/admin/oauth/access_token")
token_request.set_form_data({
    "client_id" => app_config.api_key,
    "client_secret" => app_config.secret_key,
    "code" => auth_code.strip
})
api_response = http_client.request(token_request)

The response I’m getting looks like this:

@body=[],
@header={},
@status=200,

I’ve double-checked my credentials and the authorization code appears to be valid. Interestingly, when I test the same request using an HTML form, it works perfectly and returns the expected access token. However, programmatically with Ruby’s Net::HTTP or even the rest-client gem, I keep getting this empty response.

Has anyone encountered this issue before? What could be causing the difference between form submission and programmatic requests?

FlyingLeaf · July 9, 2025, 5:32pm

I hit this exact same issue a few months back with a Shopify integration. You’re passing the full URL to Net::HTTP.new, but it only wants the hostname - no protocol. Change your first line to: ```ruby
http_client = Net::HTTP.new(“#{store_name.strip}.myshopify.com”, 443)
http_client.use_ssl = true

alexj · July 7, 2025, 12:54am

check your content-type header - shopify’s picky about that. add token_request['Content-Type'] = 'application/x-www-form-urlencoded' before making the request. also make sure your store_name variable doesn’t have weird characters or spaces that could mess up the url.

Noah_Fire · July 6, 2025, 6:29am

Had the same issue with my Shopify integration - you’re mixing up the HTTP client setup with the endpoint path. Here’s what worked for me:

store_url = "#{store_name.strip}.myshopify.com"
uri = URI("https://#{store_url}/admin/oauth/access_token")
http_client = Net::HTTP.new(uri.host, uri.port)
http_client.use_ssl = true

token_request = Net::HTTP::Post.new(uri.path)
token_request.set_form_data({
    "client_id" => app_config.api_key,
    "client_secret" => app_config.secret_key,
    "code" => auth_code.strip
})

That empty 200 response happens when Net::HTTP can’t parse the URL properly. Using URI fixes it. Also check if your auth code expired - they don’t last long.

JumpingMountain · July 5, 2025, 10:10am

It’s probably how you’re handling the request parameters. I hit the same issue building my Shopify app last year. Don’t use set_form_data - build the request body manually and set the content type:

params = {
  "client_id" => app_config.api_key,
  "client_secret" => app_config.secret_key,
  "code" => auth_code.strip
}
token_request.body = URI.encode_www_form(params)
token_request['Content-Type'] = 'application/x-www-form-urlencoded'

Also check that your store_name variable has the full domain like your-store.myshopify.com. Empty response with 200 status usually means the request format isn’t what Shopify expects, even though you’re hitting the endpoint.

miar · August 3, 2025, 8:12am

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.