I have created React frontend and Java backend for Shopify application.
React application is embedded in admin panel which is running on the same server as Java.
Users can change their settings and external api keys there, which will be saved to database. When they go to the page and there is already some saved info it will be queried from the database.
How can I make sure, no third party malicious users could exploit this, by pretending to be a shop and getting this sensitive data?
I hope i made sense.
I understand how to GET data from server. Shopify sends a request to my application hmac which i can calculate server side. But now that I am in that page and I post data to server, how can I add something there?