The Wire · Showcase
SHOPIFY CLI FIXES STOREFRONT API AUTH HEADACHE IN DEV PROXY
By RepoJournal · Filed · About Shopify
The dev proxy was rejecting every Storefront API request with a 401 — turns out it was injecting its own auth headers where it had no business being.
Developers running local Storefront API calls through Shopify's dev proxy [1] hit a wall yesterday: every `/api/{version}/graphql.json` request bounced with authentication failures. The culprit was the proxy itself, which was aggressively injecting SFR devtools bearer tokens into the Authorization header even for public Storefront API endpoints that don't want or need them. The fix [1] treats Storefront API traffic as pass-through — no header injection, no interference. If you've been working around this by disabling the dev proxy for API work, your life just got simpler. This lands in the next CLI release.
Action items
- → Update Shopify CLI to the next release for transparent Storefront API proxying Shopify/cli [plan]
- → Monitor the next CLI release notes for availability Shopify/cli [monitor]
References
- [1] Pass Storefront API requests through the dev proxy as-is ↗ Shopify/cli
FAQ
- What changed in Shopify on May 11, 2026?
- The dev proxy was rejecting every Storefront API request with a 401 — turns out it was injecting its own auth headers where it had no business being.
- What should Shopify teams do about it?
- Update Shopify CLI to the next release for transparent Storefront API proxying • Monitor the next CLI release notes for availability
- Which Shopify repositories shipped on May 11, 2026?
- Shopify/cli