What's your biggest current challenge? Have your say in Community Polls along the right column.
Our Partner & Developer boards on the community are moving to a brand new home: the .dev community forums! While you can still access past discussions here, for all your future app and storefront building questions, head over to the new forums.

Shopify frontend to call Third Party API

Shopify frontend to call Third Party API

DanC_KW
Tourist
3 0 1

Hello,

 

I am working on the Shopify page, need to call a third party API to retrieve data then display on the page.  I need to hide my API login details so I made a AWS lambda function with API gateway as a middleware. There is a problem, how to validate the request is coming from Shopify to my AWS lambda? I found the Shopify app proxy seems like can do this, but when I test on it, the app need to be installed in my store first, so do I need to create a server for the app? The app has no function and I need the app proxy only....

 

Can someone help? Let me know if further information is required. Thanks

Replies 4 (4)

Fabian_Martinez
Shopify Partner
9 0 2

Hey, I'm now facing the same question.... have you found the way to go with this?

Thanks

DanC_KW
Tourist
3 0 1

Yes, I found the solution, do you still need it?

Fabian_Martinez
Shopify Partner
9 0 2
Hey, yes. It’d be awesome if you can share it

Tks
DanC_KW
Tourist
3 0 1

To ensure the security of my API login details while working with Shopify and AWS Lambda, I implemented a verification method similar to the one used by Shopify webhooks. Here's the process I used:

  1. Within Shopify, I utilized Liquid to construct a base64-encoded signature by combining the entire request payload with a private key.

  2. I sent both the payload and the encoded signature to my AWS Lambda function via the API Gateway.

  3. Upon receiving the payload in Lambda, I encoded the payload again using the same private key.

  4. I compared this newly encoded signature with the one I received. If they matched, I could confirm that the request was indeed coming from Shopify.

This method ensured that the request was authenticated and originated from Shopify before any further processing by the Lambda function.