I have some questions on some topics which I need help clarifying. It was originally posted as a reply on another thread, but I think it would be great to get some thoughts/opinions from the wider community.
To help organise reply answers I have labelled my questions accordingly as there are a few which need addressing.
Feel free to answer any one, or all of the questions.
I did quite a bit of research on App Proxies for Shopify and looked through a lot of examples, and it looks like the way to go for what I want to achieve.
From what I understood, the user journey/flow of data can be represented as the following:
User -> Shopify -> App Proxy -> Shopify App (My Web App) -> User
Q1. The response should go directly back to the user no problems, right?
One thing I am unsure about is the authentication procedure.
Let's say the User is logged into the Storefront and authenticated on Client-side (in my case some iOS Device).
Q2. Is there some sort of authentication I need to do on the Shopify App (My Web App) to ensure that the user is the one making the request to access the response from the Shopify App (My Web App)?
Proposal 1: The solution I think I would need to implement to achieve this is:
1. Grab the Customer ID of the user and add it into the Request Header
2. Check on the Shopify App (My Web App) for the customer's data (such as an order) using that Customer ID through the Admin API or Storefront API directly
3. Do whatever I need to do and send a response back
Proposal 2:
1. Grab the Customer ID AND email of the user and add it into the Request Header
2. Check on the Shopify App (My Web App) for the customer, Customer ID through the Admin API or Storefront API
3. Verify customer email against queried Customer object.
4. Do whatever I need to do and send a response back
Q3. Is Step 3 in proposal 2 unnecessary?
Q4. Is there an alternative way to do this whole dance that I am unaware of at the moment?
Q5. What tips would you provide to your younger self setting up a Shopify Web App at the beginning stage, and what would you look out for?
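An added example, not part of the original post: both proposals rely on a Customer ID that the client puts in a header, whereas Shopify signs every App Proxy request with a `signature` query parameter (HMAC-SHA256 keyed with the app's shared secret) and adds `logged_in_customer_id` itself, so the web app can check the signature and take the customer from the signed query. The function names, the 60-second freshness window, and the sample secret, shop and path are assumptions made for illustration.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs


def proxy_signature(params, secret):
    """HMAC-SHA256 (hex) over the sorted 'key=value' pairs, joined with no separator."""
    message = "".join(sorted(f"{k}={','.join(v)}" for k, v in params.items()))
    return hmac.new(secret.encode(), message.encode(), hashlib.sha256).hexdigest()


def authenticated_customer_id(query_string, secret, max_age=60, now=None):
    """Return the customer ID Shopify vouches for, or None when the request is
    unsigned, altered, stale, or comes from a visitor who is not logged in."""
    params = parse_qs(query_string, keep_blank_values=True)
    supplied = params.pop("signature", [""])[0]
    expected = proxy_signature(params, secret)
    # Constant-time comparison so the check does not leak how many characters matched.
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return None
    try:
        timestamp = int(params.get("timestamp", [""])[0])
    except ValueError:
        return None
    now = time.time() if now is None else now
    if abs(now - timestamp) > max_age:  # freshness window is an assumption
        return None
    # Empty when the storefront visitor is not logged in.
    return params.get("logged_in_customer_id", [""])[0] or None


def sign_query(query_string, secret):
    """Demo helper (hypothetical): sign a constructed query the way the proxy would."""
    params = parse_qs(query_string, keep_blank_values=True)
    return f"{query_string}&signature={proxy_signature(params, secret)}"


if __name__ == "__main__":
    SECRET = "constructed-shared-secret"  # constructed sample value
    query = ("shop=example.myshopify.com&logged_in_customer_id=1234"
             "&path_prefix=%2Fapps%2Fdemo&timestamp=1700000000")  # constructed
    signed = sign_query(query, SECRET)
    print(authenticated_customer_id(signed, SECRET, now=1700000010))
    altered = signed.replace("logged_in_customer_id=1234", "logged_in_customer_id=9999")
    print(authenticated_customer_id(altered, SECRET, now=1700000010))
```

Only the ID returned by the verified request should be used for Admin API lookups; a Customer ID or email sent in a client-controlled header proves nothing about who made the request.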