Persistent auth token

Shopify Partner
6 0 0

Hello there,

just wondering if Shopify API supports some kind of persistent token to allow developers to access/login shops data to perform some batch analysis, even if the shop administrator doesn't use the application (no http-driven login).

If not, does the Shopyfy API allow us to create some WebHooks? Instead letting developers to access shops data programmatically, could be a cool solution install a WebHook and then having the application automatically updated with new data for analysis.

Obviously we could tell to the Shop administrator to install a specific WebHook after installing the app, but that's not so cool ;)

 

Thanks in advance for your help!

0 Likes
Shopify Partner
6 0 0

Inspired by this post [1] i just had a test with

 

curl http://[api-key]:[api-secret]@[my-test-shop].myshopify.com/admin/products.xml

but i keep getting

 

[API] Invalid API key or permission token (unrecognized login or wrong password)

Just to be clear, my api keys are the "partner" ones, and the application is installed into the test shop.

Any ideas?
Thanks! 

 

 

[1] http://forums.shopify.com/categories/9/posts/28725

0 Likes
Shopify Partner
1 0 0

Yes I think this is what I'm looking for too. I'm creating a CloudVox + Shopify partner app that allows shop owners that have the app installed to 'call in' to their store.

A bit perplexed on the authentication part though as the entity calling the app is a phone caller and not a browser. ie. http calls are coming from CloudVox and are stateless. I can handle maintaing the state but I'm stuck on the authentication at the start of the call.

Geoff

0 Likes
Shopify Staff
Shopify Staff
2002 0 41

If you get an API token through the third party authentication mechanism ( http://api.shopify.com/authentication.html ) you will be able to calculate a API token that will not expire. You can keep this in your database and use it for all communication with Shopify. 

Tobias Lütke - Shopify CEO // http://twitter.com/tobi
0 Likes
Shopify Partner
6 0 0

Hi tobi,

thanks for your kind reply.

So, afaik my case should be the step n. 4

Mega Invoice concatenates its secret with authentication token t and hashes the result into an MD5 hexdigest to generate the API password:
password = MD5.hexdigest(secret + t)

 So, that "password" will be the token to be saved into my DB, and it will be unique for every shop, right?

Thanks and sorry for my stupid questions.

0 Likes
Shopify Partner
6 0 0

Just had some test.

Yes, the result from the MD5 computation is our password.
I'm sorry for my stupid question, but i assumed that the "t" token parameter changes at every plugin, and lives with the session, without testing it by myself.

Sorry again and thanks for your help :) 

0 Likes