Shopify APIs and SDKs

Hey @dylanpierce share your custom framework 🙂 or at least record a video tutorial about how you made it and sell it, I want to buy 🙂

 

Amos

Thanks @amosmos it's just the authentication portion, no full fledged framework yet.

It's available to download as an npm/yarn package: https://github.com/ctrlaltdylan/shopify-nextjs-toolbox

```

npm i --save shopify-nextjs-toolbox

yarn add shopify-nextjs-toolbox

```

And here's an example app repository using the package for authentication with OAuth & the new session tokens without cookies: https://github.com/ctrlaltdylan/shopify-session-tokens-nextjs

All open source and free.

Thanks @dylanpierce , much appreciated by a new Shopify dev trying to use the correct auth flow. 

@mattryles glad it's helping you!

Thanks @dylanpierce you're awesome!

For some reason in my original post the smilies I put didn't show, just know I meant it with tons of respect!

 

Thanks,

Amos

@dylanpierce thank you so much for making this available. This has been super useful to me, to be able to get around the necessity of deploying to Vercel but also using queries to a MongoDB.

Thank you so much for sharing this!

@dylanpierce doesn't seem to work with Custom App? Custom app requires API Secret which the configuration (env file) doesn't have. So I suppose  your framework is only for Private Apps? 😞

 

 

@dgtlmonk no it's compatible with both private & public apps.

You may have mixed up and created an `.env` file but NextJS by default reads `.env.local`.

@dylanpierce apologies for deviating from the main topic, but do you have an example of how can a NextJS API route could consume the `sessionToken` for axios REST Admin API requests? I'm really close to have this working but I think I'm missing a critical step somewhere.

@luistmartins

There is a middleware called "withSessionToken" in the package.

In the example repo look at the API route that is called within the
pages/home.js frontend component.

This withSessionToken middleware verifies the authenticity of the session
token and sets req.shopName to the name of the shop that's currently logged
in.

Thank you @dylanpierce, for the help here and for this useful library.
My difficulty was taking the accessToken given out by the middleware and use that to make REST Admin API requests, and that was because I was not passing the information through the `X-Shopify-Access-Token` header, which solved it for me, hopefully the proper way.

@luistmartins 

Oh I’m sorry, I misunderstood session token with access token.

For others reading this:

* Session Token == the frontend JWT authentication token for proving your merchant’s identity
* Access Token == the backend private key that represents your access to the merchant’s resources within the Shopify Admin API

The idea behind the session token is that it’s publicly accessible in the browser, but it will eventually expire.

The withSessionToken middleware proves that the merchant is using your app and is authenticated - however its up to your implementation to pull the shop’s Access Token from your backend database given the shop’s name (aka origin).

The next-js-shopify-toolbox package gives you the relevant middleware to retrieve this Access Token during OAuth, but it’s up to you to decide where to store it and how to retrieve it later.

@dylanpierce 

Thanks so much for taking the time to go through this Dylan.
I've figured out since that I could use the access token given out by the auth callback, so it all makes a bit more sense to me now. It was my lack of understanding of all involved parts that lead to my confusion, so again thank you for adding this information here.

@luistmartins 

No problem!

That's right, and it is a bit confusing with essentially 2 parts of authentication:

1. Access Tokens (server side stored and used) - distributed to your app during the OAuth callback when the merchant accepts your auth scopes (the /api/auth/callback.js example in next-js-shopify-toolbox)

2. Session Tokens (browser side, JWT, generated by AppBridge) - distributed by Shopify's AppBridge, which requires the shopOrigin (aka shop name) and you pass to **your** API using axios. Behind the API on the server, it's up to you to find the corresponding Access Token given the shop's name from the Session Token.

Good luck!

 

@dylanpierce  im getting client_id undefined 

 

https://github.com/ctrlaltdylan/shopify-session-tokens-nextjs/issues/8

 

@GoodfyLabs independently from being a public or private app, you should get the API keys listed on the app main screen as shown here: https://cln.sh/vbENzd

I have a private shopify app therefore I don't have local application running and also I don't have envirement variable HOST. How can I use this library with private app if Shopify.Context.initialize function use a config object ContextParams needs to have HOST_NAME key?

I have npm package "@shopify/shopify-api" version 1.2.1 installed and it has no Storefront API implemented. I don't know why there is no Storefront API in this version of package considering that github repo release with the same version has that API implemented.

Hi @Vyacheslav81  ... that was my intention too ...( use with PRIVATE APPS) 

I did some tests and ... in fact I realize that did not work because do not make SENSE ( at least this was my understanding ) 

 

Because with Private apps ... you will authenticate every api call using key and password  ... 

Maybe  an expert can explain better

Best regards