Is the Access Token retrieved in the app created using the remix template permanent

mg24 · ‎08-07-2024

I've built an app using the Shopify Remix template and registered a webhook for orders/create in the shopify.app.toml file. In the loader function, I'm retrieving the access token with the const { admin, session } = await authenticate.admin(request) call. I'm saving this token in my app's backend, which is developed with .NET, and I plan to use it to update orders via the webhook. Is this access token permanent, or will I need to regenerate it at any point? Is this an online or an offline token?

ChrisLikesCode · ‎08-08-2024

I don't believe access tokens expire. They are given during the installation process via a token exchange or for non-embedded apps via a authorization code grant. I do believe you can rotate them though in your app's dashboard. There is also a big difference between "access tokens" and "session tokens" in Shopify app dev which is important to grasp.

I am wondering though, if you're using a webhook to update orders I'm assuming you can authenticate the webhook request when it is received with something like:

const { admin } = await authenticate.webhook(request);

This will give you access to the "admin" resource which you can use to do "admin.graphql()" queries / mutations or "admin.rest()" queries. When we're you planning on passing in the Access Token to do the modifications?

mg24 · ‎08-08-2024

I am using const { admin, session } = await authenticate.admin(request) during the app install and setup. It gives an access token, and not a session token. I believe session token are JWT format and this one is not.

The webhook handler is defined in an asp.net service, so I will use this access token to call the admin api to update orders from this asp.net service and not from the remix based app frontend. Just wanted to check if this is the correct way.

Theau · ‎12-03-2024

What did you do in the end ?

SyncBase Co-founder
We help merchants create custom tools connected to their stores