Hi,
I was wondering how the Shopify API worked because I was considering using Shopify services. I found this:
https://www.shopify.com/partners/blog/17056443-how-to-generate-a-shopify-api-token
Everything was clear, but then I saw, while visiting someone else's website using Shopify:
ABCD.com (ABCD.com is not the real website)
that you could add /shop.json to the URL and find (for everyone) a lot of info on the website:
ABCD.com/shop.json
like the
[1] host_name.myshopify.com
[2] <meta name="shopify-checkout-api-token" content="XXXXXXXXXXXXXXXXXXXX">
With these 2, according to https://www.shopify.com/partners/blog/17056443-how-to-generate-a-shopify-api-token Step 4: "the $token variable. Remember, this is like a password into this shop, so you’ll want to store this token in a very safe place."
According to step 5, with [1] and [2] anyone should supposedly be able to call the API and do malicious things.
What am I missing?
Please tell me there's one obvious thing that makes the site safe?
Louis
Hi there @khannah!
I just wanted to let you know I have moved your query here to our dedicated API forum.
As we're not in a position to provide developer-level support for this ourselves here, we have provided this place for threads on all things API-related.
Our own developers and partners monitor and respond to these threads, so it's really the best place to get any info on queries like this.
All the best!
Don | Social Care @ Shopify
Many thanks 😉
Hoping to get an answer soon.
Louis