A space to discuss online store customization, theme development, and Liquid templating.
Hello,
I am working on the Shopify page, need to call a third party API to retrieve data then display on the page. I need to hide my API login details so I made a AWS lambda function with API gateway as a middleware. There is a problem, how to validate the request is coming from Shopify to my AWS lambda? I found the Shopify app proxy seems like can do this, but when I test on it, the app need to be installed in my store first, so do I need to create a server for the app? The app has no function and I need the app proxy only....
Can someone help? Let me know if further information is required. Thanks
Hey, I'm now facing the same question.... have you found the way to go with this?
Thanks
Yes, I found the solution, do you still need it?
To ensure the security of my API login details while working with Shopify and AWS Lambda, I implemented a verification method similar to the one used by Shopify webhooks. Here's the process I used:
Within Shopify, I utilized Liquid to construct a base64-encoded signature by combining the entire request payload with a private key.
I sent both the payload and the encoded signature to my AWS Lambda function via the API Gateway.
Upon receiving the payload in Lambda, I encoded the payload again using the same private key.
I compared this newly encoded signature with the one I received. If they matched, I could confirm that the request was indeed coming from Shopify.
This method ensured that the request was authenticated and originated from Shopify before any further processing by the Lambda function.