Completed 500 Internal Server Error and ActiveResource::ForbiddenAccess

Question

I'm using Shopify, Ruby on Rails and Heroku postgres and I keep getting this error:

ActiveResource::ForbiddenAccess (Failed. Response code = 403. Response message = Forbidden.) and Completed 500 Internal Server Error in 210ms (ActiveRecord: 1.3ms)

I'm trying to CRUD the Shopify's data to another app which is from rails and I tried migrating the database and heroku logs to figure out the problem but I found none.

This is my controller code

def index
  @products = ShopifyAPI::Product.find(:all, params: { limit: 10 })
  @webhooks = ShopifyAPI::Webhook.find(:all)
end

def show
  @products = ShopifyAPI::Product.find(params[:id])
end

def new
  @products = ShopifyAPI::Product.new
end

def create
  @products = ShopifyAPI::Product.new(params.require(:product).permit(:title))
  if @products.save
    redirect_to home_index
  else
    render :index
  end 
end

Here's my routing

Rails.application.routes.draw do
  resources :home
  post 'home/new', to: 'home#create'
end

My new.html.erd

<%= form_for :product do |f| %>
  <p> 
    <%= f.label :name %>
    <%= f.text_field :title %>
  </p> 

  <p>
    <%= f.submit %>
  </p>
<% end %>

Here's my index.html.erd

<% @products.each do |product| %>
  <li><%= link_to product.title, "https://#{@shop_session.url}/admin/products/#{product.id}", target: "_top" %></li>
  <%= link_to 'Create Product', new_home_path %>     
<% end %>

Answer 1

Simple. You are making calls to the API and you are NOT authenticated, so you get back a 403. You need to first open up an authenticated session, and then make your calls to the API. For example:

session = ShopifyAPI::Session.new(shop, token)
ShopifyAPI::Base.activate_session(session) if session.valid?