我有一个shopify合作伙伴商店,我希望能够拨打api电话 . 我的应用程序正在使用django,这个:https://github.com/Shopify/shopify_python_api
from django.shortcuts import redirect
import shopify
def home(request):
API_KEY = 'blabla'
SHARED_SECRET = 'blabla'
shop_url = "http://mystoretest112.myshopify.com/admin"
shopify.ShopifyResource.set_site(shop_url)
shopify.Session.setup(api_key=API_KEY, secret=SHARED_SECRET)
session = shopify.Session("mystoretest112.myshopify.com")
scope=["write_products"]
permission_url = session.create_permission_url(scope,"http://localhost:8000/login")
return redirect(permission_url)
def login(request):
code = request.GET['code']
signature = request.GET['hmac']
timestamp = request.GET['timestamp']
shop = request.GET['shop']
API_KEY = 'blabla'
SHARED_SECRET = 'blabla'
shop_url = "http://mystoretest112.myshopify.com/admin"
shopify.ShopifyResource.set_site(shop_url)
shopify.Session.setup(api_key=API_KEY, secret=SHARED_SECRET)
session = shopify.Session("mystoretest112.myshopify.com")
params = {'timestamp':timestamp,'code':code,'shop':shop,'signature':signature}
token = session.request_token(params)
print(token)
因此,当我使用我的应用程序回家时,我会按预期重定向 . 但是,当我登录时,对request_token的调用失败,出现此异常:“无效的HMAC:可能是恶意登录”,而不是给我我要求的永久令牌 .
我尝试使用如下所示的数据自己计算hmac:https://help.shopify.com/en/api/getting-started/authentication/oauth#verification每次我在网址中发送相同的hmac .