API AccessToken storage suggestions

Highlighted
New Member
19 0 0

Hello Shopify Team! 

 

I built a custom app with NodeJS and Express, following this documentation.  

 

I'd like to know how can I save the access token after this function ('/Shopify/callback'): 

 

 

// DONE: Exchange temporary code for a permanent access token
const accessTokenRequestUrl = 'https://' + shop + '/admin/oauth/access_token';
const accessTokenPayload = {
    client_id: apiKey,
    client_secret: apiSecret,
    code,
};

request.post(accessTokenRequestUrl, { json: accessTokenPayload })
.then((accessTokenResponse) => {
    const accessToken = accessTokenResponse.access_token;

    // What I can do now?

});

I was trying to use cookies but I can't access them using Proxy. I don't know if I did something wrong or should I call this function every time in my routes?

 

Any suggestions? 

 

0 Likes
Highlighted
Tourist
17 0 2

You can probably just use local/persistent storage for the token, but there are a few things you should consider when persisting:

 

1) I *think* your token will only contain the permissions to do things at the time of creation (ie if you change your app permissions later, I don't think this token will contain these permissions, so you may need to refresh....or you may not need to do anything if Shopify invalidates/expires old tokens when this occurs)

2) You also will want to handle token expiry.  At some point your token could expire, and you'll need to get a new one from this call, so you'll need logic to handle that.

 

 

0 Likes
Highlighted

You can store them however really, the note on the below is good to remember though:-

Remember, this is like a password into this shop, so you’ll want to store this token in a very safe place.

https://www.shopify.co.uk/partners/blog/17056443-how-to-generate-a-shopify-api-token

Some Shopify/Ecommerce related articles - https://medium.com/@stephenkeable
0 Likes