Shopify frontend to call Third Party API

DanC_KW
Tourist
3 0 1

Hello,

 

I am working on the Shopify page, need to call a third party API to retrieve data then display on the page.  I need to hide my API login details so I made a AWS lambda function with API gateway as a middleware. There is a problem, how to validate the request is coming from Shopify to my AWS lambda? I found the Shopify app proxy seems like can do this, but when I test on it, the app need to be installed in my store first, so do I need to create a server for the app? The app has no function and I need the app proxy only....

 

Can someone help? Let me know if further information is required. Thanks

Replies 4 (4)

Fabian_Martinez
Shopify Partner
9 0 2

Hey, I'm now facing the same question.... have you found the way to go with this?

Thanks

DanC_KW
Tourist
3 0 1

Yes, I found the solution, do you still need it?

Fabian_Martinez
Shopify Partner
9 0 2
Hey, yes. It’d be awesome if you can share it

Tks
DanC_KW
Tourist
3 0 1

To ensure the security of my API login details while working with Shopify and AWS Lambda, I implemented a verification method similar to the one used by Shopify webhooks. Here's the process I used:

  1. Within Shopify, I utilized Liquid to construct a base64-encoded signature by combining the entire request payload with a private key.

  2. I sent both the payload and the encoded signature to my AWS Lambda function via the API Gateway.

  3. Upon receiving the payload in Lambda, I encoded the payload again using the same private key.

  4. I compared this newly encoded signature with the one I received. If they matched, I could confirm that the request was indeed coming from Shopify.

This method ensured that the request was authenticated and originated from Shopify before any further processing by the Lambda function.