API AccessToken storage suggestions


Hello Shopify Team! 


I built a custom app with NodeJS and Express, following this documentation.  


I'd like to know how I can save the access token after this function ('/Shopify/callback'):



// DONE: Exchange temporary code for a permanent access token
const accessTokenRequestUrl = 'https://' + shop + '/admin/oauth/access_token';
const accessTokenPayload = {
    client_id: apiKey,
    client_secret: apiSecret,
    code, // temporary authorization code from the callback query string
};

request.post(accessTokenRequestUrl, { json: accessTokenPayload })
.then((accessTokenResponse) => {
    const accessToken = accessTokenResponse.access_token;

    // What can I do now?
});


I was trying to use cookies but I can't access them using Proxy. I don't know if I did something wrong or should I call this function every time in my routes?


Any suggestions? 


17 0 2

You can probably just use local/persistent storage for the token, but there are a few things you should consider when persisting:


1) I *think* your token will only contain the permissions to do things at the time of creation (i.e. if you change your app permissions later, I don't think this token will contain these permissions, so you may need to refresh... or you may not need to do anything if Shopify invalidates/expires old tokens when this occurs).

2) You also will want to handle token expiry.  At some point your token could expire, and you'll need to get a new one from this call, so you'll need logic to handle that.




You can store them however, really; the note below is good to remember, though:

Remember, this is like a password into this shop, so you’ll want to store this token in a very safe place.


Some Shopify/Ecommerce related articles - https://medium.com/@stephenkeable
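
One way to do the storage the replies describe, as an added example that is not part of the original thread or Shopify's own code: the token is encrypted with AES-256-GCM before it is persisted per shop, and routes look it up by shop domain instead of relying on cookies. The TOKEN_ENC_KEY variable, the in-memory Map standing in for a database table, and all function names are assumptions.

```javascript
// Added example: encrypt Shopify access tokens before persisting them.
const crypto = require('node:crypto');

// Assumption: a 32-byte key supplied as 64 hex chars in TOKEN_ENC_KEY (from a
// secret manager or the environment). The random fallback is for this demo only.
const KEY = process.env.TOKEN_ENC_KEY
  ? Buffer.from(process.env.TOKEN_ENC_KEY, 'hex')
  : crypto.randomBytes(32);

// Stand-in for a database table keyed by shop domain (hypothetical).
const tokenStore = new Map();

function sealToken(shop, accessToken, key = KEY) {
  const iv = crypto.randomBytes(12);               // unique nonce per encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(shop, 'utf8'));        // bind ciphertext to this shop
  const ct = Buffer.concat([cipher.update(accessToken, 'utf8'), cipher.final()]);
  return [iv, cipher.getAuthTag(), ct].map((b) => b.toString('base64')).join('.');
}

function openToken(shop, sealed, key = KEY) {
  const [iv, tag, ct] = sealed.split('.').map((p) => Buffer.from(p, 'base64'));
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAAD(Buffer.from(shop, 'utf8'));
  decipher.setAuthTag(tag);
  // final() throws if the key, shop, or ciphertext does not match
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Call from the OAuth callback once the access token has been received.
function saveShopToken(shop, accessToken) {
  tokenStore.set(shop, sealToken(shop, accessToken));
}

// Call from any route (including app-proxy routes) that needs the token.
function loadShopToken(shop) {
  const sealed = tokenStore.get(shop);
  return sealed ? openToken(shop, sealed) : null;  // null => shop must re-authorize
}

// Constructed sample values, not real credentials.
saveShopToken('example-shop.myshopify.com', 'constructed-token-123');
console.log(loadShopToken('example-shop.myshopify.com'));
```

A null result from loadShopToken, or a rejected API call with a stored token, is the point at which to send the shop back through the OAuth flow.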