Subsequent calls verification

I understand the verification of an app on its first load.

But what about links that load content from the server that is displayed in the app, or AJAX calls that you may need if you want to fetch data?


How do you know that this came from an app user?

Do I need to create session logic in PHP for that?

Shopify Expert
This is an accepted solution.

Yes you do. When you authenticate an incoming shop, you persist the shop domain in your persistence layer, and subsequently all incoming calls from that store would be saved in a session. You decide how long to persist the session. An incoming call from a link you created that does not provide the shop name could fail for you (session timed out) and so it is good practice for you to decorate your personal callbacks with the shop name, that way if no session exists, you can check the shop name against your persistence layer, and if it exists, open a new session and carry on.
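
One way to implement the session-with-fallback flow described in the answer above, as an added example in PHP (not code from the original post or from Shopify). It assumes the app signs the links it creates, so a shop name that arrives without a session is accepted only if its MAC verifies; `APP_SECRET`, `shop_is_installed`, `sign_link` and `resolve_shop` are hypothetical names, and the shop list is constructed sample data.

```php
<?php
// Added example. APP_SECRET, shop_is_installed, sign_link and resolve_shop are hypothetical names.
const APP_SECRET = 'constructed-secret-for-illustration-only';

// Stand-in for the persistence layer: shops recorded at install time (constructed data).
function shop_is_installed(string $shop): bool {
    return in_array($shop, ['example-store.myshopify.com'], true);
}

// Decorate one of the app's own links with the shop name, an expiry and a MAC over both.
function sign_link(string $path, string $shop, int $ttl = 3600): string {
    $exp = time() + $ttl;
    $sig = hash_hmac('sha256', "$path|$shop|$exp", APP_SECRET);
    return $path . '?' . http_build_query(['shop' => $shop, 'exp' => $exp, 'sig' => $sig]);
}

// Return the shop a request belongs to, or null when that cannot be established.
// $session stands in for $_SESSION so the example also runs from the command line.
function resolve_shop(string $path, array $query, array &$session): ?string {
    if (isset($session['shop'])) {
        return $session['shop'];                 // live session, nothing more to check
    }
    $shop = $query['shop'] ?? '';
    $exp  = $query['exp'] ?? '';
    $sig  = $query['sig'] ?? '';
    if (!is_string($shop) || !is_string($exp) || !is_string($sig)) return null;
    if (!preg_match('/^[a-z0-9][a-z0-9-]*\.myshopify\.com$/', $shop)) return null;
    if (!ctype_digit($exp) || (int)$exp < time()) return null;      // expired or malformed
    $expected = hash_hmac('sha256', "$path|$shop|$exp", APP_SECRET);
    if (!hash_equals($expected, $sig)) return null;                 // constant-time compare
    if (!shop_is_installed($shop)) return null;                     // unknown to persistence layer
    $session['shop'] = $shop;                                       // open a new session
    return $shop;
}

// Session timed out: a signed link re-opens it, an edited shop name does not.
$url = sign_link('/orders.php', 'example-store.myshopify.com');
parse_str(parse_url($url, PHP_URL_QUERY), $query);
$session = [];
var_dump(resolve_shop('/orders.php', $query, $session));

$query['shop'] = 'other-store.myshopify.com';    // shop name changed after signing
$fresh = [];
var_dump(resolve_shop('/orders.php', $query, $fresh));
```

In a web request, pass `$_SESSION` after `session_start()` and call `session_regenerate_id(true)` at the point where a new session is opened.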

