Have your say in Community Polls: What was/is your greatest motivation to start your own business?
Our Partner & Developer boards on the community are moving to a brand new home: the .dev community forums! While you can still access past discussions here, for all your future app and storefront building questions, head over to the new forums.

Security : Customer Access Token Retrieval

Security : Customer Access Token Retrieval

zarif-al
Shopify Partner
1 0 0

Hi

We have to make a call to the `customerAccessTokenCreate` endpoint to get a customer access token. In this call we have to pass the user email and password.

 

I am testing this using insomnia (Desktop API Client). I noticed we are sending the raw password to the shopify storefront API.

 

My question is, is there any best practice I am missing when it comes to communicating with storefront API, regarding retrieving customer access tokens? Is it safe send raw passwords over https?

 

Many thanks.

Replies 0 (0)