Recommended way to store accessToken

8 1 1

Hello all,

I am willing to start a new shopify app with vuejs and nodejs, the app won't be embedded.

I need to know what do you guys recommend to store keys such as accessToken, since I assume you need some tokens sent from frontend to backend in order to know if the operation should be handled or not.


do you use cookies/localStorage? is it really secured?


Shopify Staff
Shopify Staff
750 86 163

This is an accepted solution.

Hey @berliner2020,


An access token is generated during the Oauth authentication flow. The token needs to be included in the header of your API calls, so it can be stored on your server and shouldn't be included in any cookies/localStorage on the user's machine. The access tokens you store should be treated with care, since they enable anyone with the token to make authenticated API calls to the shop. You can consider hashing or obfuscating the tokens you store, so they can't easily be used in the event they got out. 

JB | Developer Support @ Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit or the Shopify Web Design and Development Blog