Using existing Rails connection for @shopify/app-bridge-react

24 0 1

I am writing an embedded app using Ruby on Rails as the backend, and React (JavaScript) as the front-end. I am currently using the shopify_app ruby gem to authenticate and handle sessions. 


The problem I am running into is that I need to use @shopify/app-bridge-react in order to use the <Provider> component, which is required for the ResourcePicker, according to:


Question: How can I pass my storeOrigin & api_key safely from Rails to React for the Provider?


I've tried passing the data from a Rails controller to the html.erb view using "javascript_tag" to add JS to the page containing the controller's variables, but it seems to me like having an API key exposed like this would be bad practice. Anyone have thoughts on this?

Shopify Staff
Shopify Staff
49 10 15

This is an accepted solution.

Hi rsfxii,


I think you have the right approach. The API key is treated as public so there shouldn't be an issue with exposing it. What should be protected is the app secret, which should never be exposed.

1 Like