graphql-js-client Authentication

ishahrier
Shopify Partner

Hi

I have an app store public app that I am working on. I would like to know whether it is possible to use the graphql-js-client library in the app front end (not storefront) to access the admin API.

Because from the example on GitHub I created the client in my app like the code below and it doesn't work (spits out 403).

 

 

    this.client = new GraphQLClient(types, {
      url: "https://dev-3-store.myshopify.com/api/graphql",
      fetcherOptions: {
        headers: {
          'X-Shopify-Storefront-Access-Token': 'access token',
        }
      }
    });

 

 

But if I create a private app credential in the dev store admin portal and use the "store-front-api-key" (not the other access token), then it works.

So my question is: can this "graphql-js-client" not be used in a public app's front end/UI? Because my understanding is that during public app installation you do not receive a store-front-access-token but only a regular access token to talk to the admin API.

 

 Please help me out here!

Replies 3 (3)
Kevin_A
Shopify Staff

Hey @ishahrier 

If you use the graphql-js-client library to access admin API from your app front end, you would essentially be revealing your private API key. So while it is technically possible, I don't think it is recommended. 

Kevin_A | Solutions Engineer @ Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit Shopify.dev or the Shopify Web Design and Development Blog
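
The reply above turns on keeping the Admin API token out of the browser. As an added example (not code from this thread or from Shopify), one way to do that is a back-end route that holds the token saved at OAuth install and forwards only allow-listed operations to the Admin API. `API_VERSION`, `OPERATIONS`, the session shape and `tokenStore` are assumptions made for illustration.

```javascript
// Added example: server-side proxy so the Admin API token never reaches the browser.
// Hypothetical names (not from the thread): API_VERSION, OPERATIONS, the session
// shape ({ shop }) and tokenStore (a Map of shop domain -> Admin API token).
const API_VERSION = 'API_VERSION_PLACEHOLDER'; // set to the Admin API version your app targets
const SHOP_RE = /^[a-z0-9][a-z0-9-]*\.myshopify\.com$/;

// The browser names an operation; the query text itself lives only on the server,
// so the front end cannot use the app's full Admin scope for arbitrary queries.
const OPERATIONS = {
  shopName: 'query { shop { name } }',
  productTitles: 'query ($first: Int!) { products(first: $first) { edges { node { title } } } }',
};

// Build the outbound Admin API request from server-side state only.
function buildAdminRequest(session, body, tokenStore) {
  body = body || {};
  // The shop comes from the server-side session, never from a client parameter,
  // and must be a myshopify.com host so the token cannot be sent elsewhere.
  if (!session || !SHOP_RE.test(session.shop || '')) {
    return { error: 401, reason: 'no valid app session' };
  }
  const allowed = Object.prototype.hasOwnProperty.call(OPERATIONS, body.operation);
  if (!allowed) return { error: 400, reason: 'operation not allowed' };
  const token = tokenStore.get(session.shop); // stored when the shop installed the app
  if (!token) return { error: 403, reason: 'shop has not installed the app' };
  return {
    url: `https://${session.shop}/admin/api/${API_VERSION}/graphql.json`,
    init: {
      method: 'POST',
      headers: { 'Content-Type': 'application/json', 'X-Shopify-Access-Token': token },
      body: JSON.stringify({ query: OPERATIONS[body.operation], variables: body.variables || {} }),
    },
  };
}

// Route handler body: the response carries status and data only, never the token.
async function proxyAdminGraphQL(session, body, tokenStore, fetchImpl = fetch) {
  const req = buildAdminRequest(session, body, tokenStore);
  if (req.error) return { status: req.error, json: { error: req.reason } };
  const res = await fetchImpl(req.url, req.init);
  return { status: res.status, json: await res.json() };
}
```

The front end then posts `{ operation, variables }` to this route with its normal app session and never sees an Admin credential.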

ishahrier
Shopify Partner

Hi

What if my app first authorizes the store using OAuth? After that, a customer is logged into my app, and then the front end receives the API key from the back end and does the graphql-js-client calls.

Is it also considered an issue?

Kevin_A
Shopify Staff

Hey @ishahrier 

As long as you aren't exposing your API secret or any private tokens you should be fine. 

Kevin_A | Solutions Engineer @ Shopify 