Where to store information about the shop?

Where to store information about the shop?

den232
Shopify Partner
192 8 53

Hi.

 

I am developing an app intended for use on multiple shops.  Where should I store information particular to each shop?  For example, API keys,  default settings for use on this shop, and the like.

 

The data should be accessible to both my app extension(s) and the app itself.   While the (JavaScript) app extension has access to liquify, this is not the case for the (react) app itself. 

 

Settings for other shops served by the app should of course not be accessible.

 

Thanks!  jb

Replies 4 (4)

jazz-jay
Shopify Partner
96 14 17

Hi,

 

Encrypt and save the access tokens to a database for each shop. Your API key can be saved in your app's environment variables.

banned
den232
Shopify Partner
192 8 53

Thanks ... but sorry, I don't really get it.  There's something obvious I am missing I think.    I do see two environment variables files, one at \.env and a second at  {app extension}/.env ... 

 

I also see the page https://shopify.dev/custom-storefronts/hydrogen/framework/environment-variables telling me how I can have different files for different environments:

  • Development environment: .env.development
  • Staging environment: .env.staging
  • Production environment: .env.production

However, I don't see how to have different files or values for different shops/stores that my app is to be installed on.   

 

I also see a reference to shop metafields here: https://shopify.dev/api/liquid/objects#shop, but when I look at the ways of creating a metafield, shop metafields are not definable, here is the list I get ... 

 

Pls advise!  Thanks jb

 

  • Products

    3 definitions
  •  

    Variants

    0 definitions
  •  

    Collections

    3 definitions
  •  

    Customers

    3 definitions
  •  

    Orders

    0 definitions
  •  

    Pages

    1 definition
  •  

    Blogs

    0 definitions
  •  

    Blog posts

    0 definitions
     
richard-penner
Shopify Staff
19 2 6

Hi @den232 –

 

At a high level, you'll want to do something like the following:
- create an app in the partner dashboard, which gives you an API key. As discussed above, the .env files are an ideal spot for storing it, rather than in your code

- use the oAuth flow to be notified when a merchant has installed your app. This is where you'll create new per-shop data 

- partners typically setup their own databases with shop-tenanted data. Any shop-specific data you store will likely have a shop_id column

- depending on what you're trying to do, you can store some data in metafields rather than your own database. If the data is an attribute of a Customer (for example, a Birthday), storing it in a Customer metafield is a pretty natural place for it, and you can include metafields in the payload when you fetch a particular Customer. You can also store data in the Shop itself, but I wouldn't view that as a catch-all; if it's not really an attribute of a Shop, it's probably better to store it in your own database

- the picture you posted above refers to Metafield Definitions. This is a layer on top of metafields that adds validation and a merchant-facing UI. As a partner, you may just want metafields themselves, which support more resources than definitions do. Have a look at the Metafields Overview as a starting point, then refer to the REST or GraphQL API docs if you do decide to use metafields.

To learn more visit the Shopify Help Center or the Community Blog.

den232
Shopify Partner
192 8 53

Thanks @richard-penner  for clearing up my problem of not being able to access shop metafields.  I had no idea that I was just looking at a fraction of them thru that UI.  Seemed so near and yet so far.  

 

Question 1:

 

You say the .env files are an ideal spot for storing the API key.  Indeed, it's already in there, courtesy of the CLI I think.   So ... how do I access that value from (1) a theme extension and (2) an app itself?

 

Question 2:

 

You say Encrypt and save the access tokens to a database for each shop.   I'm confused, how does the encryption work?  The decryption process would have to use a key which would be plainly exposed in my code ... so, anyone with read access to the code could decrypt ... again, I'm missing something here.  What do I have wrong?

 

Thanks again and best regards, jb