Authenticating requests from a Shopify app frontend to a Laravel 5 backend

Shopify Partner
24 2 11



I have an existing Shopify app that uses Laravel 5. I am in the process of rebuilding the frontend using React and Shopify Polaris. Originally, I was going to just use JWTs to authenticate each request from the React frontend to the Laravel backend, but as I understand it, I can't (and should not) use cookies to store the JWT while in the Shopify app iframe. The original iteration of my app escaped the iframe, so this is a new problem for me.


Can someone point me in the right direction regarding how I can authenticate requests between the React frontend and Laravel 5 backend? Do I need to implement the App Bridge? Do I have to upgrade Laravel to a newer version?


Thanks in advance. I'll be happy to clarify if needed.

Reply 1 (1)

Shopify Staff
15 4 4

👋 @daveluke ,


I'm a developer at Shopify.


If the app is embedded, you should use session tokens to authenticate and App Bridge can help with that. Check out the getting started section here. I am not a php dev, so I'm not sure what the major changes are since Laravel v5, but I don't believe it matters what the backend is, as long as you can implement the necessary callback routes and decode the session token. We also have a php library that helps with just that. 


Hopefully that helps!



To learn more visit the Shopify Help Center or the Community Blog.