Storing access_token in database

Solved
DanielTehrani
Excursionist
15 0 4

I'm building a public app with an app extension, and I need to keep every stores' access tokens in my database.

Do access tokens change, (do I need to listen to some webhooks?) or are they permanently usable?

Thanks.

0 Likes
jchristie
Tourist
13 2 4

This is an accepted solution.

Hi @DanielTehrani,

You can store access tokens, they do not change unless the merchant uninstalls your app, at which point the token is invalidated and you won’t be able to make any further API calls. 

You need to make sure you subscribe to the app uninstall webhook to clean up your app and remove the token from your database, however. As one requirement for the app passing the review is that the app can be uninstalled and reinstalled again without any issues. Storing the token and keeping the shops details in your database will likely cause issues when the merchant goes to reinstall unless you have logic to handle this.

Hope this helps! 
James

0 Likes
DanielTehrani
Excursionist
15 0 4

Hi @jchristie.

Your answer really helps, thank you!

0 Likes