Private apps doc - Am I risking exposing customer data?

Highlighted
New Member
1 0 0

https://help.shopify.com/en/manual/apps/private-apps  "all data you expose to the app could be seen by any visitors to your store."

https://shopify.dev/docs/storefront-api "Storefront API itself is unauthenticated"

https://shopify.dev/docs/storefront-api/reference "Storefront API is composed of the following: Customers - Information about customers in Shopify such as their shipping address and display name"

I'm not a developer so, please tell me if I'm misinterpreting this. It appears to me that any private app development which might transmit customer information (say, order fulfillment integration to a backend provider) would potentially expose customer addresses to anybody savvy enough to look for it (probably including whoever responds to this post

Am I wrong or is this the point of the caution on the Private Apps doc? If I'm right, why would anybody ever use the API in this way?

 

Thanks.

0 Likes