Our Partner & Developer boards on the community are moving to a brand new home: the .dev community forums! While you can still access past discussions here, for all your future app and storefront building questions, head over to the new forums.

We're moving the community! Starting July 7, the current community will be read-only for approx. 2 weeks. You can browse content, but posting will be temporarily unavailable. Learn more

Security : Customer Access Token Retrieval

Security : Customer Access Token Retrieval

zarif-al
Shopify Partner
1 0 0

Hi

We have to make a call to the `customerAccessTokenCreate` endpoint to get a customer access token. In this call we have to pass the user email and password.

 

I am testing this using insomnia (Desktop API Client). I noticed we are sending the raw password to the shopify storefront API.

 

My question is, is there any best practice I am missing when it comes to communicating with storefront API, regarding retrieving customer access tokens? Is it safe send raw passwords over https?

 

Many thanks.

Replies 0 (0)