Questions and discussions about using the Shopify CLI and Shopify-built libraries.
Embedded apps that don't use session tokens - Embedded apps submitting to the Shopify App Store must use session tokens to authenticate
Solved! Go to the solution
This is an accepted solution.
Hi @marv1nnnnn
I think all of your points are correct. Embedded app is highly recommended to use session token if it needs authentication.
Henry | Social Care @ Shopify
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution
- To learn more visit the Shopify Help Center or the Shopify Blog
This is an accepted solution.
Hi @marv1nnnnn
I think all of your points are correct. Embedded app is highly recommended to use session token if it needs authentication.
Henry | Social Care @ Shopify
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution
- To learn more visit the Shopify Help Center or the Shopify Blog
Note that: although it's not required to use app-bridge for some apps but it's recommended to do so. There are a lot of opening questions if you don't:
- How do you perform auth when your app is loaded inside Shopify (iframe)?
- How do you make sure the request coming to your server is from Shopify? SessionToken is designed for this purpose. It's not for making a call to Shopify API.
- You also want to make sure your app works well on Shopify Mobile / Shopify POS. See https://shopify.dev/apps/tools/app-bridge/optimized-loading
Henry | Social Care @ Shopify
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution
- To learn more visit the Shopify Help Center or the Shopify Blog