I'm the coder of a tire/wheels widget selector, and developed an "integration" with shopify, but I was wondering if there was a better way to implement this. Let me first describe how the widget and the integration work.
The widget lets you select tires/wheels from a list with filters. This is a drop-in js script that users can place on their website's html to display a tire selector.
It lets you scroll through a list of tires each with an "Add to cart" button.
The integration (which isn't using any of shopify's development tools) works like this:
I updated the template of one the views to include my drop-in script.
Also, when any "Add to cart" button is clicked, before it pushes into the cart it finds or creates a product with that tire/wheel size (using shopify product's title field), and then it pushes it to the cart. This way, if a user clicks multiple time on a tire's "Add to cart" button, the same product is used.
But, because only admins can create products, I need to create an application with read/write permissions for products. Even though I could set this access token somewhere in the page for my widget to use, I shouldn't because I would be exposing an admin token in the shopify page that anyone can use.
My solution for that is to let merchants give us their shopify admin tokens, and to host an API service that has access to said tokens and takes care of the product creation/finding (we call this API service from our widget).
My question now is: is there a more standard way to implement something like this?
I ask because there are 2 aspects I consider kind of weak in my solution:
1) I'm not sure if potential merchants will be tech friendly enough to update the templates and to also create an application and set the product permissions properly. I would imagine users liking more a solution where they click a button, and the widget just shows up somewhere on their page.
2) The idea of having a separate api service to isolate the access to the admin token is necessary but if it was spared it'd be pretty nice.
Thank you for reading.