I want to build a custom shopify app that will allow customers to interact with a custom product carousel app that I've embedded inside of a div of current shop. My hope is to have an "add to cart" button on my carousel for each selected product. When you click the add to cart button that would trigger a call to the current cart to add my product. I need to know if this is possible with my current setup.
My current embedded app will match all the product sku's in my shop and I know I should be able to query all the products from my embed, my main question and concern is how do I go about authorizing requests to the shopify admin api from embedded app? Is there a public token that can be generated and used publicly, allowing me to gain access to the api's endpoints? I have gone ahead and created a public app for my embed and set up my requests but need to know how I'm going to get around having my keys exposed without having to make my calls from a server.
The site is not public currently because of the keys in my requests being public, or I'd have a link for you to see what I'm working with. Any help would be appreciated. Thanks!