Deprecation of POST requests without a Content-Length or Transfer-Encoding: chunked header

We're making changes to our HTTP/1.0 and HTTP/1.1 request handling to improve security and compliance with web standards. Starting August 1, 2025, all POST requests to Shopify APIs must include either a Content-Length header or Transfer-Encoding: chunked header, or they'll return an HTTP 411 error.

What you need to do

Update your client libraries and API integrations to ensure all POST requests include one of these headers:

• Content-Length: Specifies the exact size of the request body in bytes
• Transfer-Encoding: chunked: Indicates the request body is sent in chunks

Most modern HTTP client libraries automatically include these headers, but some custom implementations or older libraries might not.

Why we're making this change

This change aligns with HTTP/1.1 standards (RFC 7230) and helps prevent potential security vulnerabilities related to request smuggling attacks. It ensures consistent request handling across our infrastructure.