Security : Customer Access Token Retrieval

Shopify Partner
1 0 0


We have to make a call to the `customerAccessTokenCreate` endpoint to get a customer access token. In this call we have to pass the user email and password.


I am testing this using insomnia (Desktop API Client). I noticed we are sending the raw password to the shopify storefront API.


My question is, is there any best practice I am missing when it comes to communicating with storefront API, regarding retrieving customer access tokens? Is it safe send raw passwords over https?


Many thanks.

Replies 0 (0)