I am willing to start a new shopify app with vuejs and nodejs, the app won't be embedded.
I need to know what do you guys recommend to store keys such as accessToken, since I assume you need some tokens sent from frontend to backend in order to know if the operation should be handled or not.
Solved! Go to the solution
This is an accepted solution.
An access token is generated during the Oauth authentication flow. The token needs to be included in the header of your API calls, so it can be stored on your server and shouldn't be included in any cookies/localStorage on the user's machine. The access tokens you store should be treated with care, since they enable anyone with the token to make authenticated API calls to the shop. You can consider hashing or obfuscating the tokens you store, so they can't easily be used in the event they got out.