Custom client-side app: security concerns and storefront api questions

pastelle
Shopify Partner

Hi guys. First and foremost I'd like to thank everyone who has worked on creating the free SDKs and deep documentation - great work!

See the setup, then the questions following.

Setup:

1. I have an entirely client-side progressive app (vs using Hydrogen server-side) built in React using react-router and GraphQL queries, hosted on Netlify via auto deployments in our GitHub CI.

2. I have a custom app created in Shopify, products, etc.

3. Client-side frontend and backend are connected properly via tokens, and queries work, etc.

4. I can create carts, move to the checkout URL (via the shopName.myshopify.com/checkout URL) and make fake orders, etc.

Questions:

1. Are there any major security issues with using the open GraphQL integration and client-side apps? Is this even recommended? (vs using Hydrogen server-side)

2. Is there any way to only leverage the backend Shopify URLs (account page, checkout page) and redirect all others to my custom domain hosted on Netlify? For example, users who manually type in storeName.myshopify.com get redirected to my customdomain.com, while allowing all account/checkout URLs, e.g. storeName.myshopify.com/cart/aasdijhanskjbfnaks/checkout, to navigate properly to the store backend URLs.

The issue currently is mainly that on the account page, users clicking `See Store` are redirected to my Shopify store URL, which has the Shopify store instead of my custom frontend.

Any help is appreciated. Please let me know if anything needs clarification. Thank you!

David

rob72
Visitor

Hi David, did you ever manage to solve this?