App architecture, backend and front-end communication

kkriv
New Member

I'm building a public app that will have some admin part.

On my app backend, I'm using PHP/Laravel. I'm trying to understand what is the correct way to architect an app.

So I will have my admin app frontend that will need to:

1) take some data from my app backend

2) take some data from the Shopify API, e.g. products

For 1 it's understandable: we'll just have API endpoints and the frontend will make calls to them.

But the question is authorization. I need some way to make sure that a call coming from the front end to the backend is secure, and to understand which merchant it is. How do I do that kind of authorization? I'm not going to redirect that call to the Shopify API, but will return something from my DB, and I still need to authorize the user. Since I'm not going to ask them to sign in to my app specifically, and I need to show them the working app without any extra auth, how can I handle that on my end then?

2 - How can I make Shopify calls directly from the frontend? Is that possible / a good way to go?

GMKnight
Shopify Partner

Hi @kkriv

1. OK, you have to go to the absolute Shopify fundamentals. Understand Shopify's implementation of OAuth for merchant/app security. Look at the Shopify docs. Yes, you will call routes in your server as an API to the front end to provide services. You can store the shop domain and OAuth token in your server, then you will be able to match up with requests coming in from the front end. A little bit of research would go a long way for you here.

2. Most likely you'd make calls to Shopify APIs from your own server rather than the front end. For example, you might be getting data from Shopify that you want to store in your database (you cannot access Shopify databases), so you would be best served doing this on your server. Lots of scenarios like this. In this case, particularly think about how authentication for a particular shop happens when you need to call Shopify APIs.

If any of that seems to be gobbledygook to you, best advice is to make sure you keep it simple and stay away from spaghetti code. Consistent good design and architecture that makes sense and makes your life easy (i.e. if it's hard, you're doing it wrong). If you're unsure, best advice is to do what everyone does and hit the books!

Good luck!

GMKnight.

Store owner and app developer. Canada.
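
An added example, not part of the reply above and not Shopify's own code: one way a PHP/Laravel backend can check the HMAC that Shopify attaches to its OAuth query strings before trusting the `shop` parameter and looking up the stored token for that merchant. The function name, the token store, the secret, the sample values and the freshness window are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example: verifyShopifyQuery(), $tokensByShop and the secret are
// hypothetical names and constructed values, not Shopify's or the poster's code.

/** Returns the verified shop domain, or null if the query is not trustworthy. */
function verifyShopifyQuery(array $query, string $appSecret, int $now, int $maxAge = 300): ?string
{
    $shop = $query['shop'] ?? null;
    $hmac = $query['hmac'] ?? null;
    $ts   = $query['timestamp'] ?? null;
    if (!is_string($shop) || !is_string($hmac) || !is_string($ts)) {
        return null;
    }
    // Accept only *.myshopify.com hostnames so a forged value cannot pick the lookup key.
    if (preg_match('/\A[a-zA-Z0-9][a-zA-Z0-9\-]*\.myshopify\.com\z/', $shop) !== 1) {
        return null;
    }
    // Freshness window (an assumption of this example) limits replay of old URLs.
    if (!ctype_digit($ts) || abs($now - (int) $ts) > $maxAge) {
        return null;
    }
    // Message = every parameter except hmac, sorted by key, as key=value&...
    // Assumes values are encoded the way http_build_query() encodes them.
    unset($query['hmac']);
    ksort($query, SORT_STRING);
    $expected = hash_hmac('sha256', http_build_query($query), $appSecret);

    // Constant-time comparison avoids leaking how many characters matched.
    return hash_equals($expected, $hmac) ? $shop : null;
}

// Constructed sample data: sign a query as the sender would, then verify it.
$secret = 'example-app-secret';
$query  = ['code' => 'abc123', 'shop' => 'example-store.myshopify.com', 'timestamp' => '1700000000'];
$query['hmac'] = hash_hmac('sha256', http_build_query($query), $secret); // keys already sorted
$tokensByShop = ['example-store.myshopify.com' => 'stored-oauth-token-placeholder'];

$shop = verifyShopifyQuery($query, $secret, 1700000060);
echo $shop !== null && isset($tokensByShop[$shop]) ? "token found for $shop\n" : "rejected\n";

// Same signature, different shop: the HMAC no longer matches.
$tampered = ['shop' => 'other-store.myshopify.com'] + $query;
echo verifyShopifyQuery($tampered, $secret, 1700000060) === null ? "tampered query rejected\n" : "accepted\n";
```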