How to securely store 3rd party API keys in a custom order tracking app?

Shopify Partner
2 0 0

Hi all,


I'm trying to construct a simple app order tracking app page. 


First, upon placing an order, an automatic email is sent with a link to a tracking page with the order number as a query parameter.


Second, when the user visits that page, a 3rd party API is called with the order number (provided as a query parameter or typed in as an input). That API call goes first to a proxy server where the API credentials are stored. The request checks it is coming from Shopify, and then if it is, it calls the 3rd party API and checks the order number for any tracking updates in our management system. And returns either tracking information from the shipping APIs or just the tracking numbers. 


I can handle doing all of this, but I'm struggling trying to put this together. I'd rather build a custom app that allows the admin to store the 3rd party API key on the Shopify backend. Then instead of calling proxy server, it just gets the API key from the backend without exposing it, and then makes the call to the tracking server.


I'm confused on where/how I'd store the API keys. I want to build a custom remix app, but how would I connect it to the frontend page? Can I make a frontend page in remix to or is it just the backend apps?


Thanks in advance!

Replies 0 (0)