Mapify - A Shopify API application - launched

Highlighted
Shopify Partner
63 0 7
Hi, I just finished writing my first Shopify API application, using the open-source Shopify API plugin found at Github (http://github.com/Shopify/shopify_app/tree/master). Mapify (http://mapify.heroku.com) is a FREE web service for Shopify users that plots your Orders onto Google Maps, for easy visualization. It's still a BETA project. I wrote it as an experiment to see how to write Shopify API applications, using the API plugin. I plan to open source it and also write a How To tutorial, time permitting, as I think this would be really helpful for other developers. In the meantime, please don't hesitate to get in touch with me if you have any questions. If you have any comments, questions or suggestions, please feel free to send me an email at forshopify (at) gmail (dot) com, or john (at) tajimaphotography (dot) com. Enjoy!
0 Likes
Highlighted
Shopify Partner
137 0 0

Very interesting John but what are the issues involved with security, privacy and data protection?

If I accept your API request it appears to give your app read and write access to my customer data. This probably breaks the terms and conditions of many stores for starters.

I really hope we can resolve this – it may need some Shopify input – but as it stands I think it is a little too open for comfort.

Jonathan

The Market Quarter http://www.marketquarter.com French Foie Gras and Food Hampers from London's Borough Market. Follow me @jonathanbriggs
0 Likes
Highlighted
Shopify Partner
137 0 0

Anyone else have any thoughts on the security issues?

The Market Quarter http://www.marketquarter.com French Foie Gras and Food Hampers from London's Borough Market. Follow me @jonathanbriggs
0 Likes
Highlighted
Shopify Staff
Shopify Staff
5704 1 326

If I accept your API request it appears to give your app read and write access to my customer data. This probably breaks the terms and conditions of many stores for starters.

It does not break any term nor condition, unless you state that you will not share any information with any third party, etc. Take note that you, as the client of an API application, cannot offer variable read/write access to your store through the API. It’s an all-or-nothing affair with the person who hosts the application, usually the application’s developer. Of course, the developer has no access to the more sensitive information such as your payment gateway credentials or any details about your account with Shopify. But the app will have access to your blogs content, your products and your orders.

My boyfriend works for Resistor Software (with Hunkybill), and these guys have a few API-driven apps operating now, and their clients are satisfied, and they’re not worried about the security of their orders’ details. It’s all about trusting the developer who hosts and runs the application. Of course, make sure that the application has a safe login mechanism in place if you the client can sign up and log in to that application. Make sure also that the developer is known in the community.

In this case, John is offering the source code to his application, so you can decide to host the application yourself, and in that case, you only need to trust yourself :)

0 Likes
Highlighted
Shopify Partner
137 0 0

I think the data protection issues are serious here in the UK - sharing personal customer data (name, address etc) is strictly forbidden unless the customer is told that it will be so.

You are right, of course, Caroline that if I host the app then it is my data from end to end and therefore not a problem.

The Data Protection Act here requires me to make sure that personal data is kept fully secure and passing it to another site without express permission would seem to break that.

The Market Quarter http://www.marketquarter.com French Foie Gras and Food Hampers from London's Borough Market. Follow me @jonathanbriggs
0 Likes