AccessToken global

diegoalves
Excursionist

Hi,

I'm developing an app for Shopify and started wondering. Can I make the accessToken variable global for usage in my whole backend in Koa.js? It'll make my work way easier.


diegoalves
Excursionist

Someone?

Gregarican
Shopify Partner

Here is a link that speaks to how something similar to this could be done --> https://stackabuse.com/using-global-variables-in-node-js/

diegoalves
Excursionist

Thanks,

But I'm wondering if this is secure?

I found an option to save accessToken in cookies, which maybe is not good in terms of security of my application.

What about the accessToken as a global variable in my code?

Gregarican
Shopify Partner

The front-end JavaScript is visible to the client, since it runs in their browser. I ran into similar challenges within Shopify when calling my own API that exposes an internal system. I didn't want to expose my authentication credentials to the client. Seeing as if they just ran something like Chrome Developer Tools they could see what the particulars were. I looked at using cookies, but that too exposes things. I wound up engineering some Liquid server-side methods in order to help obfuscate authentication a bit. Seeing as even that wasn't good enough, I wound up using a Shopify app proxy that would hit my own API --> https://shopify.dev/tutorials/display-data-on-an-online-store-with-an-application-proxy-app-extensio.... Its signature validation allowed me to grant access. I'm not sure of your particulars, but perhaps this might be a good route?

diegoalves
Excursionist

Thanks,

I'm quite new to web development, but I'll check out if App Proxy is the right thing to do.

I'm making an app for Discount Code.

The idea of my app is that at the checkout page the customer has access to the value they have available for a discount; this value comes from an external API.

And then if the customer wants to use the discount, it is created in the Shopify Admin API.

I'm having problems here because I can't make requests from the shop.myshopify.com to the Admin API.

So I'm sending the request to an app that's going to take it and then make the request to the Admin API, and here's where I'm having a problem with the AccessToken variable.

I'm not sure if this way is the right one or if I should do the App Proxy.
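
An added example, not code from any poster in this thread or from Shopify: a Koa-style backend that validates the app proxy signature mentioned above and then looks up the access token per shop on the server, instead of holding one global token or sending it to the browser. The names `tokensByShop`, `tokenForRequest` and `requireProxySignature`, the secret, the shop domain and the token are constructed for illustration; the signature scheme follows Shopify's documented app proxy verification.

```javascript
const crypto = require('node:crypto');

// Per-shop tokens live only in backend storage (assumption: a real app would
// use a database keyed by shop domain instead of this in-memory Map).
const tokensByShop = new Map();

// Signature over every query parameter except `signature`: each rendered as
// key=value (repeated values joined with ","), sorted, concatenated without a
// separator, then HMAC-SHA256 with the app's shared secret, hex encoded.
function proxySignature(query, secret) {
  const message = Object.keys(query)
    .filter((key) => key !== 'signature')
    .map((key) => `${key}=${[].concat(query[key]).join(',')}`)
    .sort()
    .join('');
  return crypto.createHmac('sha256', secret).update(message).digest('hex');
}

// Constant-time comparison, so timing does not reveal how much matched.
function isValidProxyRequest(query, secret) {
  const given = Buffer.from(String(query.signature || ''), 'utf8');
  const expected = Buffer.from(proxySignature(query, secret), 'utf8');
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Token for the shop named in a verified request; null if unverified or unknown.
function tokenForRequest(query, secret) {
  if (!isValidProxyRequest(query, secret)) return null;
  return tokensByShop.get(query.shop) || null;
}

// Koa middleware (hypothetical name): the token is request-scoped and is
// only used server-side for the Admin API call, never returned to the client.
function requireProxySignature(secret) {
  return async (ctx, next) => {
    const token = tokenForRequest(ctx.query, secret);
    if (!token) ctx.throw(401, 'invalid proxy signature or unknown shop');
    ctx.state.accessToken = token;
    await next();
  };
}

// Constructed sample values, for running the example offline.
const SAMPLE_SECRET = 'constructed-app-secret';
tokensByShop.set('example-shop.myshopify.com', 'constructed-token');
function sampleQuery() {
  const query = { shop: 'example-shop.myshopify.com', path_prefix: '/apps/discounts', timestamp: '1700000000' };
  return { ...query, signature: proxySignature(query, SAMPLE_SECRET) };
}
```

Because the `shop` parameter is covered by the signature, a request that swaps in another shop's domain fails verification and never reaches that shop's token.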