How is the Shopify API hacker-proof?

khannah
Visitor

Hi,

I was wondering how the Shopify API worked because I was considering using Shopify services. I found this:

https://www.shopify.com/partners/blog/17056443-how-to-generate-a-shopify-api-token

Everything was clear, but then I saw, while visiting someone else's website using Shopify:

ABCD.com (ABCD.com is not the real website)

that you could add /shop.json to the URL and find (for everyone) a lot of info on the website

ABCD.com/shop.json

like the

[1]  host_name.myshopify.com
[2]  <meta name="shopify-checkout-api-token" content="XXXXXXXXXXXXXXXXXXXX"> 

With these 2, according to https://www.shopify.com/partners/blog/17056443-how-to-generate-a-shopify-api-token Step 4: "the $token variable. Remember, this is like a password into this shop, so you’ll want to store this token in a very safe place."

According to step 5, with [1] and [2] anyone should supposedly be able to call the API and do malicious things.

What am I missing?

Please tell me there's one obvious thing that makes the site safe?

Louis

Replies 2 (2)

Don
Shopify Staff

Hi there @khannah!

I just wanted to let you know I have moved your query here to our dedicated API forum.

As we're not in a position to provide developer-level support for this ourselves here, we have provided this place for threads on all things API-related.

Our own developers and partners monitor and respond to these threads, so it's really the best place to get any info on queries like this.

All the best!

Don | Social Care @ Shopify 

khannah
Visitor

Many thanks 😉 

Hoping to get an answer soon.

Louis