Security : Customer Access Token Retrieval

zarif-al
Shopify Partner
1 0 0

Hi

We have to make a call to the `customerAccessTokenCreate` endpoint to get a customer access token. In this call we have to pass the user email and password.

 

I am testing this using insomnia (Desktop API Client). I noticed we are sending the raw password to the shopify storefront API.

 

My question is, is there any best practice I am missing when it comes to communicating with storefront API, regarding retrieving customer access tokens? Is it safe send raw passwords over https?

 

Many thanks.

Replies 0 (0)