
How is the Shopify API hacker-proof?


khannah
Visitor

Hi,

I was wondering how the Shopify API worked because I was considering using Shopify services. I found this:

https://www.shopify.com/partners/blog/17056443-how-to-generate-a-shopify-api-token

Everything was clear, but then I saw, while visiting someone else's website using Shopify:

ABCD.com (ABCD.com is not the real website)

that you could add /shop.json to the URL and find (for everyone) a lot of info on the website:

ABCD.com/shop.json

like the

[1]  host_name.myshopify.com
[2]  <meta name="shopify-checkout-api-token" content="XXXXXXXXXXXXXXXXXXXX"> 

With these 2, according to https://www.shopify.com/partners/blog/17056443-how-to-generate-a-shopify-api-token Step 4: "the $token variable. Remember, this is like a password into this shop, so you’ll want to store this token in a very safe place."

According to step 5, with [1] and [2] anyone should supposedly be able to call the API and do malicious things.

What am I missing?

Please tell me there's one obvious thing that makes the site safe?

Louis

 

 

Replies 2 (2)

Don
Shopify Staff

Hi there @khannah!

 

I just wanted to let you know I have moved your query here to our dedicated API forum.

 

As we're not in a position to provide developer-level support for this ourselves here, we have provided this place for threads on all things API-related.

 

Our own developers and partners monitor and respond to these threads, so it's really the best place to get any info on queries like this.

 

All the best!

Don | Social Care @ Shopify 

khannah
Visitor

Many thanks 😉 

Hoping to get an answer soon.

Louis