How do you make authenticated requests from a Theme App Extension to your application?

New Member
1 0 0

Let's say I'm making an app that allows merchants to display a product of their choice anywhere on their store using Theme App Extension. My app logic would be use the products api to provide the merchant an interface to select their desired product, the I would store the product's ID in my app's own database. 


Now I want to create a theme app extension that sends a GET request to my server and get the product ID stored in the app's database for the merchant. The thing is, how do I make an authenticated request so my app knows who the merchant is?


If I understand correctly, Theme App Extensions logic is handled through Javascript, so it would be possible to maybe send merchant ID in the request header or body, but I'm not sure that would be the safe method, since anyone can send the API request with any header/body using something like Postman.  



Replies 0 (0)