How is the Shopify API hacker-proof?



I was wondering how the Shopify API worked because I was considering using Shopify services. I found this:

Everything was clear, but then I saw, while visiting someone else's website using Shopify: ( is not the real website)

that you could add: /shop.json to the URL and find (for everyone) a lot of info on the website

like the

[2]  <meta name="shopify-checkout-api-token" content="XXXXXXXXXXXXXXXXXXXX"> 

With these 2, according to Step 4: "the $token variable. Remember, this is like a password into this shop, so you’ll want to store this token in a very safe place."

According to step 5, with [1] and [2] anyone should supposedly be able to call the API and do malicious things.

What am I missing?

Please tell me there's one obvious thing that makes the site safe?





Shopify Staff

Hi there @khannah!


I just wanted to let you know I have moved your query here to our dedicated API forum.


As we're not in a position to provide developer-level support for this ourselves here, we have provided this place for threads on all things API-related.


Our own developers and partners monitor and respond to these threads, so it's really the best place to get any info on queries like this.


All the best!

Don | Social Care @ Shopify 


Many thanks 😉 

Hoping to get an answer soon.