Shopify APIs and SDKs

Hi,

I still have not found clear direction on how to do the following...

• For a Public app
• Add a new page to an online store built dynamically by our server-side app according to merchant preferences stored in our database.
  • This is a shopper-facing page... not a merchant-facing page. 
  • This page would provide the UI for parts searches in our database (not Shopify products).
  • No Shopify merchant data is involved in building the page - i.e. no Shopify Admin API calls required.
  • Need to verify that the request comes from Shopify and identify the store without going through oAuth again (token stored during app install).
    
    • Q:  Is a session token the only way to do this?
    • Q: Is it required that this page be rendered in an iframe? 
      • If so, it seems that the iframe src should point to a loading page with javascript that...
        • loads App Bridge
        • gets the session token
        • redirects to the URL that verifies the token and renders the desired page.

Before I get into detailed questions about each step, am I at least on the right track with this or is there a better strategy?

Many thanks for any advice.