Using private and public app together - where to store the private app password?

Solved
gdavisdesign

To allow storefront access to my app (via app proxy), I had to create a public app – but the app is using my private app credentials to make the API calls on the server. None of the POST requests on the front-end show these credentials, but will hard-coding the credentials into my app (on the server) be a security risk? Since the app will be hosted on Heroku or some other server, it seems like it should be fine, since the website client is POSTing into the server. The server runs the query to process the POST request and sends a response back to the client.

Is this the proper way to run API requests in a private app and use the app proxy?

Busfox
Shopify Staff (Retired)

This is an accepted solution.

Hi @gdavisdesign,

I don't see an issue with your approach. Just make sure, as you said, you're not exposing any of your credentials on the client. If your app is going to be hosted on Heroku, you can use their config vars (environment variables) to securely store and access your credentials for use in your production server.

Cheers,

Andrew | Shopify 
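
One way to follow the advice in the accepted answer, as an added example that is not part of the original thread or Shopify's own code: the server reads the private app credentials from config vars, fails closed when one is unset, and refuses to send the storefront a response that contains a credential. The config var names, the helper functions and the sample values are assumptions made for illustration.

```python
import base64
import json
import os

# Assumed config var names; on Heroku, set each with `heroku config:set NAME=value`.
REQUIRED = ("SHOPIFY_SHOP", "SHOPIFY_API_KEY", "SHOPIFY_API_PASSWORD")


class MissingCredential(RuntimeError):
    pass


def load_credentials(env=None):
    """Read the private app credentials from the environment, failing closed."""
    env = os.environ if env is None else env
    missing = [name for name in REQUIRED if not env.get(name)]
    if missing:
        # Report variable names only, never their values.
        raise MissingCredential("unset config vars: " + ", ".join(missing))
    return {name: env[name] for name in REQUIRED}


def admin_auth_header(creds):
    """Basic auth header for server-to-Shopify calls; it never leaves the server."""
    pair = f"{creds['SHOPIFY_API_KEY']}:{creds['SHOPIFY_API_PASSWORD']}"
    return {"Authorization": "Basic " + base64.b64encode(pair.encode()).decode()}


def client_response(payload, creds):
    """Serialize the reply to the storefront, refusing to echo any secret."""
    body = json.dumps(payload)
    token = admin_auth_header(creds)["Authorization"].split(" ", 1)[1]
    secrets = (creds["SHOPIFY_API_KEY"], creds["SHOPIFY_API_PASSWORD"], token)
    # Substring check on the serialized body; it assumes the secrets contain
    # no characters that JSON would escape (quotes, backslashes, non-ASCII).
    if any(secret in body for secret in secrets):
        raise ValueError("response would expose a credential to the client")
    return body


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    sample = {"SHOPIFY_SHOP": "example-shop", "SHOPIFY_API_KEY": "key-sample-123",
              "SHOPIFY_API_PASSWORD": "pw-sample-456"}
    creds = load_credentials(sample)
    print(client_response({"ok": True, "shop": creds["SHOPIFY_SHOP"]}, creds))
```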

gdavisdesign

Hello @Busfox,

Thank you for the advice – I'll use the config vars.

Thanks!