Sign up
Quick links
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

graphql-js-client Authentication

‎07-26-2020 10:11 PM
ishahrier
Shopify Partner
17 0 0

Hi

I have an app store public app that I am working on. I would like to know is it possible to use graphql-js-client library in the app front end (not storefront) to access admin API.

Because from the example on git hub i created the client in my app like the code below and it doesn't work (spits out 403).

 

 

    this.client = new GraphQLClient(types, {
      url: "https://dev-3-store.myshopify.com/api/graphql",
      fetcherOptions: {
        headers: {
          'X-Shopify-Storefront-Access-Token': 'access token',
        }
      }
    });

 

 

But if I create a private app credential in the dev store admin portal and use the "store-front-api-key" (not the other access token) 

 

2020-07-26 22_06_09-dev-3-store ~ Edit x-core ~ Shopify.png

then it works.

So my question is, then this "graphql-js-client" , it can not be used in public app's front end /ui? Because i understanding is that during public app installation you do not receive a store-front-access-token but only a regular access token to talk to the admin API.

 

 Please help me out here!

0 Likes
Reply
‎07-29-2020 02:54 PM
Kevin_A
Shopify Staff
Shopify Staff
261 34 45

Hey @ishahrier 

If you use the graphql-js-client library to access admin API from your app front end, you would essentially be revealing your private API key. So while it is technically possible, I don't think it is recommended. 

Kevin_A | Developer Support @ Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit Shopify.dev or the Shopify Web Design and Development Blog

0 Likes
Reply
‎07-29-2020 08:08 PM
ishahrier
Shopify Partner
17 0 0

Hi

what if my app first authorizes the store using the oauth . after that a customer is logged into my app and then the front end receives the api key from the back end and does the graph-js-client calls.

is it also considered as an issue ? 

0 Likes
Reply
‎07-30-2020 12:52 PM
Kevin_A
Shopify Staff
Shopify Staff
261 34 45

Hey @ishahrier 

As long as you aren't exposing your API secret or any private tokens you should be fine. 

Kevin_A | Developer Support @ Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit Shopify.dev or the Shopify Web Design and Development Blog

0 Likes
Reply
Quick links
Facebook Twitter Youtube Instagram Linkedin Pinterest
Terms of Service Privacy Policy