How implement Server Side API.

Highlighted
New Member
5 0 0

We are currently calling third party(our API to register that user in our system) API's using ajax in cart page for Join Loyalty feature.

But by exploring we found that ajax is not secure way to implemt API'S. To implement API'S securely we have to call API'S at server side.

So, anyone can tell us how to call Server Side API's.

Thanks in Advance

0 Likes
Shopify Partner
872 8 147

Hi,

Ajax is perfectly fine for public APIs, but as you noted, POSTing user registrations via a client Ajax call is not and would be easilly exploited.

You could use webhook notifications, see Settings > Notification > Webhooks which is also explained here, in particular the customers/create event topic and send that notifcation to one of your API endpoints to handle it and proceed with creating the user in your system as well.

Above approach will not let you sync existing users from the store so when they would not be able to use your loyalty feature as their user account wouldn't exist in there - to overcome that and sync existing customer accounts with your loyalty user accounts, you would need to create a private app (if it is for your store only) or a public app (listed if intended to appear in app store, or unlisted) in order to be able to do this via Shopify Admin APIs.

Hope this helps!

I turn coffee in to code - since 1998
0 Likes
New Member
5 0 0

Hi, Karl Offenberger

Thanks for reply. Looked into solution you suggested. But we need to create that webhook using API. Because we are creating shopify public App. And this is not good idea to tell Store Owners to manually create webhooks after App installation. So, tried to create webhook using API but problem is that how to get signed key which is available in shopify admin. This signed key is needed to call webhook API. And signed key generates after creation of first webhook.

Attaching image of shopify admin panel where you can see signed key.

Please tell the solution.

Thanks

0 Likes
Shopify Partner
318 0 25

Annex,

If that's a plublic app then you get the token at the app installation time. You can then use this token to create the webhook you need (customers/create) from your backend and start receiving events and act on them.

CTO, Co-founder of nemo.ai
0 Likes
New Member
5 0 0

Hi Sergiu Svinarciuc,

Thanks for reply. As you said created webhook already but my question is how to pass that signed key in webhook API.

The current working webhook from shopify admin uses signed key. Webhook is given below -

"https://s15.socialannex.com/v2_api/sa_apiv2_action_script_shopify_webhook.php?siteid=SITE_ID&create_...SIGNED_KEY_FROM_SHOPIFY_ADMIN"

This webhook is working fine. But it's created in Shopify admin.

So, is there need to pass signed key when we are creating webhook using API?

If, yes then how?

0 Likes