API Risks

BWH
New Member

I am interested in working with a startup; they want to connect to my store via an API. Whilst I already use some APIs, the ones I use are already on the Shopify App Store, so I trust that Shopify has done due diligence on the providers.

However, I am cautious about using an API from this startup (it's a friend's business). Should I be concerned about the security of this API? How do I go about mitigating the risk, if there is one? The risks I am concerned about are the general functionality of my Shopify store and customer data. Should I be concerned about anything else?

 

0 Likes
Greg_Kujawa
Shopify Partner

I'm not sure if I 100% understand the exact scenario you are outlining, but if your friend's company provides an app that can plug into your own Shopify shop, then I assume it's published on the Shopify App Store, correct? If so, then when it's going through the installation routine you should see an authorization screen, where you (as the logged-in Shopify shop user) can review what types of data records the app will have access to. Review that list and see if it looks okay to you. If it does, install the app. If it doesn't, then I wouldn't install it.

If you mean that your friend's company will furnish their own API (not a public app, but just a series of URI endpoints) for providing data, then the API should have some sort of token-based authentication, so that not anyone/everyone can just gain access.

0 Likes
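
The scope review described in the answer above, as an added example that is not part of the original thread: it reads the `scope` parameter from a Shopify OAuth authorization URL and flags scopes that were not agreed, that expose customer data, or that can modify the store. The shop name, client ID, redirect URI, approved set and the `CUSTOMER_DATA` list are constructed for illustration.

```python
from urllib.parse import urlparse, parse_qs

# Resources whose records contain customer personal data (illustrative list;
# extend it to match what your store actually holds).
CUSTOMER_DATA = {"customers", "orders", "all_orders", "draft_orders", "checkouts"}


def parse_scopes(authorize_url):
    """Return the set of scopes named in an OAuth authorization URL."""
    query = parse_qs(urlparse(authorize_url).query)
    raw = ",".join(query.get("scope", []))
    return {s.strip() for s in raw.split(",") if s.strip()}


def review_scopes(requested, approved):
    """Classify requested scopes against the merchant's approved set."""
    findings = {"unapproved": [], "customer_data": [], "write": [], "unknown": []}
    for scope in sorted(requested):
        access, _, resource = scope.partition("_")
        if access not in ("read", "write") or not resource:
            findings["unknown"].append(scope)  # not a read_/write_ style scope
            continue
        if scope not in approved:
            findings["unapproved"].append(scope)
        if resource in CUSTOMER_DATA:
            findings["customer_data"].append(scope)
        if access == "write":
            findings["write"].append(scope)
    return findings


# Constructed sample: hypothetical shop, client_id and redirect URI.
SAMPLE_URL = (
    "https://example-shop.myshopify.com/admin/oauth/authorize"
    "?client_id=PLACEHOLDER&redirect_uri=https%3A%2F%2Fstartup.example%2Fcb"
    "&scope=read_products,write_products,read_customers,read_all_orders"
)
APPROVED = {"read_products", "read_inventory"}  # what the merchant agreed to

if __name__ == "__main__":
    for category, scopes in review_scopes(parse_scopes(SAMPLE_URL), APPROVED).items():
        print(f"{category}: {', '.join(scopes) or '-'}")
```

Anything listed under `unapproved` or `customer_data` is a question to put to the integrator before authorizing the install.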
michaeltheodore
Explorer

What framework is the API written in?

There are intrinsic security risks with any API outside of Shopify, but no API is 100% secure.

That's why on the Shopify App Store developers only access specific data, like products or collections.

Treat it as unsecure and use the API provided by Shopify.

0 Likes
BWH
New Member
Hi Greg,

Great, thank you. Very helpful.

Ben

0 Likes