AccessToken global

Highlighted
New Member
15 0 0

Hi,

I'm developing an app to Shopify and started wondering. Can I make the accessToken variable globally for usage in my whole backend in Koa.js? It'll make my work way easier.

0 Likes
Highlighted
New Member
15 0 0

Someone?

0 Likes
Highlighted
Shopify Partner
520 38 109

Here is a link that speaks to how similar to this could be done --> https://stackabuse.com/using-global-variables-in-node-js/

0 Likes
Highlighted
New Member
15 0 0

Thanks,

But I'm wondering if is this secure?

I found an option to save accessToken in cookies, which maybe is not good in terms of security of my application.

What about the accessToken as a global variable in my code?

0 Likes
Highlighted
Shopify Partner
520 38 109

The front-end JavaScript is visible to the client, since it runs in their browser. I ran into similar challenges within Shopify when calling my own API that exposes an internal system. I didn't want to expose my authentication credentials to the client. Seeing if they just ran something like Chrome Developer Tools they could see what the particular were. I looked at using cookies, but that too exposes things. I wound up engineering some Liquid server-side methods in order to help obfuscate authentication a bit. Seeing even that wasn't good enough, I wound up using a Shopify app proxy that would hit my own API --> https://shopify.dev/tutorials/display-data-on-an-online-store-with-an-application-proxy-app-extensio.... Its signature validation allowed me to grant access. I'm not sure of your particulars, but perhaps this might be a good route? 

0 Likes
Highlighted
New Member
15 0 0

Thanks,

I'm quite new to web development, but I'll check out if App Proxy is the right thing to do.

I'm making an app for Discount Code.

The ideia of my app is that at checkout page the customer had access to the value they have available for a discount, this value comes from an external API.

And then if the customer wants to use the discount, it created in the Shopify Admin API. 

I'm having problems here because I can't make requests from the shop.myshopify.com to the Admin API.

So I'm sending the request to an app who's going to take it and then make the request to Admin API, and here's where I'm having problem with AccessToken variable.

I'm not sure if this way is the right one or if I should do the App Proxy.

0 Likes