Best practice for checking unauthorizes access

Shopify Partner
79 0 7

Hi

I am just completing my app oauth and charging php integration.

If I delete the app from within my test shop admin, the browser session still exists and I get a 401 Unauthorized error if I try to refresh my app.

I was just wondering what the best practice is (which API method to call) to check for any unauthorized access and then delete the session vars.

Thanks

Asa

Try the best recent order app for Shopify free for 7 days: https://apps.shopify.com/recently
0 Likes
Highlighted
Shopify Staff
Shopify Staff
582 0 45

Just make a call and check the status. I guess the best practice would be a call that if it succeeds doesn't modify any data.

0 Likes
Shopify Partner
79 0 7

But which API call would be best to use. Ideally it would be something that doesn't return a lot of data as it will called in the header of each page load.

Actually, probably just checking the recurring charge should do it, as I need to check that anyway....

Never mind, thanks :)

Try the best recent order app for Shopify free for 7 days: https://apps.shopify.com/recently
0 Likes
Shopify Partner
79 0 7

Actually, one other thing I wanted to check....

I am storing the shop name and recurring charge id in my local database and look up the charge based on the shop name.

Is is possible that a shop that has my app installed could change it's name and should I use some other way to check the recurring charge for the shop?

Thanks

Asa

Try the best recent order app for Shopify free for 7 days: https://apps.shopify.com/recently
0 Likes
Shopify Staff
Shopify Staff
582 0 45

A shops permanent (myshopify.com) domain will never change throughout the lifetime of a Shop. You can use that as an identifier.

0 Likes