Attribution with sales channel permalinks

Solved
ejb503
Shopify Partner
11 3 0

Hi, we have nearly completed an integration with a sales channel using permalinks. 

We have been advised to add the access token to the permalink for attribution as detailed here:  document 

However, being a sales channel posts to generate a new access token at /admin/api/2020-07/storefront_access_tokens.json return the following error: 

{
"errors": "App must be extendable to create a storefront access token."
}

We already have an access token per store, however if we expose this on the front-end this would mean that any user of our sales channel could copy the token and use it to maliciously abuse the Shopify API? (We currently have these tokens hidden behind a proxy).

What is the "correct" way to implement attribution in a permalink for a sales channel?

Thanks

The Shop Front: Welcome to the eCommerce platform with integrated video, audio and chat. Engage with your customers online and offline with multi-channel conversion tools. Edit your products and prices in realtime and stream them privately. Available in the App store: https://apps.shopify.com/the-shop-front
0 Likes
ejb503
Shopify Partner
11 3 0

This is an accepted solution.

With some trial and error we've realised that you can get permission to the access token endpoint by requesting unauthenticated access scopes (which don't really have anything to do with the actual purpose of the token), these tokens can safetly be embedded in the URL.

The Shop Front: Welcome to the eCommerce platform with integrated video, audio and chat. Engage with your customers online and offline with multi-channel conversion tools. Edit your products and prices in realtime and stream them privately. Available in the App store: https://apps.shopify.com/the-shop-front
0 Likes