The goal is to display custom customer data inside /account
securely.
The user will need to login in Shopify store to access the route.
The data is tied to the Customer’s email address in the server. So I’ll do GET request with email address in the request URL.
In the /account
liquid template I’m using Vue component. It will handle the request to a NodeJS API (I’m using feathers/express).
So far I read about App Proxy and App Bridge, but I don’t know how those will fit here.
The main problem:
How do I secure the API to make sure only the logged in Shopify customer can get their own data inside the store? How do I verify the user and making sure the API only accessible via the store?
Note: I’m really new to Shopify. Please explain with more details. Thanks.
2
Answers
shopify node create
to generate Node JS one.auth/callback
that's needed for the app to be install-able on a Shopify store. Using this CLI, it also do the initial setup on Partner Dashboard.shopify node serve
that'll startngrok
server, and updates the app's URL in App Setup. Then you'll need to setup App Proxy by copying the URL and put it inside App Setup.It is easy. The terminology is a little odd but here is all you need to know.
That will let you know the incoming call is secure and from Shopify. The call can include two key parameters, namely the email and customer ID.
So you have an email, and an ID. Now you can securely get the customer account data that matters, and return it in JSON to your component on the front-end.
That is it. Nothing more to it. Have fun.