Shopify APP in the admin panel uses IFRAME, how to keep the session with Spring Backend?

Shopify Partner
35 0 0

My frontend part of the application is showed in the Shopify Admin panel apps window by iframe(this is for all the apps).

First request is sending hmac and fields to calculate the hmac to prove to backend that this is the right user. Now I want to create a session for this user that has authenticated, but since the app can only run inside iframe in that view, every request is new session accoridng to backend. When i go straight to the frontend url without going there through admin panel ( so without iframe ) it works well.


This is more detailed description:


Or where should I store the JWT token for example to bypass it. Has anyone had same problem?

Shopify Expert
4270 33 437

When you get a request to your App it is usually providing you with the name of the shop. That is always unique to an account. So in your app you will assign a session to that shop. Once you do that, your session should be persisted on the client using cookies or some other token-based method you have mastered.


If you are starting a new session every time someone hits your App you are forgetting to initiate and set a session the first them they authenticate with you. So the simple logic is this:

  • do I know this shop hitting me? Yes? Good... carry on. No? Who are they? Do I know them? If so, setup a session. If not, establish the token using oAuth and persist it for the next time they visit, so I can issue them a session and not bother getting a new oAuth token.
Custom Shopify Apps built just for you!