FROM CACHE - en_header
Promotion image

We're moving the community! Starting July 7, the current community will be read-only for approx. 2 weeks. You can browse content, but posting will be temporarily unavailable. Learn more

Authorising my backend API

Solved

Authorising my backend API

surfacenathan
Shopify Partner
6 0 1
‎06-20-2024 01:06 PM

I have a built a Shopify APP using RemixJS, I have also written a python app in Flask to use as my backend, How do i authenticate with the Shopify API using the same Credentials as my RemixJS app, Do i need to go through the whole Oauth flow again. 

 

If so, will the user of my app need to install the RemixJS app + the Python API app? 

 

Thanks in advance

Labels:
2,280 Views
1 Like
Report
Accepted Solution (1)

BSSCommerce-B2B
Shopify Partner
1972 564 567
‎06-20-2024 10:21 PM

This is an accepted solution.

Hi @surfacenathan,

 

No, user dont need to re-authenticate your API. You can use session info from app bridge, and attach it as 'Session-Token' header in your request to Python API. Addtional, you need implement middleware to authorize that header (a simple JWT validator)

 

1. This is example code I am using in Remix App

 

import axios from 'axios';
import { useAppBridge } from '@shopify/app-bridge-react';

class Api {
    constructor(path) {

        this.instance = axios.create({
            headers: {
                'Content-Type': 'application/json',
            }
        });

        this.instance.interceptors.response.use(this.handleResponse, this.handleError);
        this.instance.interceptors.request.use(async (config) => {
            if (typeof window !== "undefined") {
                config.baseURL = `${window.ENV.API_URL}/${path}`
                this.app = useAppBridge();
                config.headers['x-session-token'] = await this.app.idToken()
            } else {
                config.baseURL = `${process.env.API_URL}/${path}`;
            }
            if (!config.headers['x-session-token']) {
                console.log(`Can't find session token`) // eslint-disable-line
            }
            return config
        }, this.handleError);
    }
    async handleResponse(response) {
        const { code } = response.data;
        if (code === 401 || code === 403) {
            console.log('==code === 403==') //eslint-disable-line
        }
        return response.data;
    }
    handleError = (error) => {
        return P

 

 

2. This is the example code to authorize request but in Javascript (koa.js), SHOPIFY_API_SECRET_KEY is your app secret key in partner app API access section.

 

module.exports = async (ctx, next) => {
    const token = ctx.request.headers['x-session-token'];
    if (token) {
        try {
            const payload = jwt.verify(token, SHOPIFY_API_SECRET_KEY);
            await next();
        } catch (err) {
            console.error(err.toString());
            return ctx.body = {
                code: 401,
                error: true,
                message: 'Unauthorized access.',
                err
            }
        }
    } else {
        console.error("No token provided.");
        return ctx.body = {
            code: 403,
            error: true,
            message: 'No token provided.'
        }
    }
}

 

 

Here the Shopify doc about session tokens: https://shopify.dev/docs/apps/build/authentication-authorization/session-tokens

Hope this can help you somehow.

B2B Wholesale Solution: Streamline your B2B operation with advanced features like wholesale registration forms, custom pricing.


B2B Portal, Quote, Net 30: Speed up purchasing and streamline your quotation process with advanced features like quick order, request for quote.


B2B Lock Password Protect: Easily control access to pages, products, and pricing with robust features.


BSS Commerce - Full-service eCommerce Agency I Use Shopify for 1$ in the first month now

View solution in original post

2,213 Views
0 Likes
Report
Replies 3 (3)

BSSCommerce-B2B
Shopify Partner
1972 564 567
‎06-20-2024 10:21 PM

This is an accepted solution.

Hi @surfacenathan,

 

No, user dont need to re-authenticate your API. You can use session info from app bridge, and attach it as 'Session-Token' header in your request to Python API. Addtional, you need implement middleware to authorize that header (a simple JWT validator)

 

1. This is example code I am using in Remix App

 

import axios from 'axios';
import { useAppBridge } from '@shopify/app-bridge-react';

class Api {
    constructor(path) {

        this.instance = axios.create({
            headers: {
                'Content-Type': 'application/json',
            }
        });

        this.instance.interceptors.response.use(this.handleResponse, this.handleError);
        this.instance.interceptors.request.use(async (config) => {
            if (typeof window !== "undefined") {
                config.baseURL = `${window.ENV.API_URL}/${path}`
                this.app = useAppBridge();
                config.headers['x-session-token'] = await this.app.idToken()
            } else {
                config.baseURL = `${process.env.API_URL}/${path}`;
            }
            if (!config.headers['x-session-token']) {
                console.log(`Can't find session token`) // eslint-disable-line
            }
            return config
        }, this.handleError);
    }
    async handleResponse(response) {
        const { code } = response.data;
        if (code === 401 || code === 403) {
            console.log('==code === 403==') //eslint-disable-line
        }
        return response.data;
    }
    handleError = (error) => {
        return P

 

 

2. This is the example code to authorize request but in Javascript (koa.js), SHOPIFY_API_SECRET_KEY is your app secret key in partner app API access section.

 

module.exports = async (ctx, next) => {
    const token = ctx.request.headers['x-session-token'];
    if (token) {
        try {
            const payload = jwt.verify(token, SHOPIFY_API_SECRET_KEY);
            await next();
        } catch (err) {
            console.error(err.toString());
            return ctx.body = {
                code: 401,
                error: true,
                message: 'Unauthorized access.',
                err
            }
        }
    } else {
        console.error("No token provided.");
        return ctx.body = {
            code: 403,
            error: true,
            message: 'No token provided.'
        }
    }
}

 

 

Here the Shopify doc about session tokens: https://shopify.dev/docs/apps/build/authentication-authorization/session-tokens

Hope this can help you somehow.

B2B Wholesale Solution: Streamline your B2B operation with advanced features like wholesale registration forms, custom pricing.


B2B Portal, Quote, Net 30: Speed up purchasing and streamline your quotation process with advanced features like quick order, request for quote.


B2B Lock Password Protect: Easily control access to pages, products, and pricing with robust features.


BSS Commerce - Full-service eCommerce Agency I Use Shopify for 1$ in the first month now

2,214 Views
0 Likes
Report
In response to BSSCommerce-B2B

surfacenathan
Shopify Partner
6 0 1
‎06-23-2024 04:31 PM

Thanks so much 

2,172 Views
0 Likes
Report
In response to BSSCommerce-B2B

surfacenathan
Shopify Partner
6 0 1
‎06-24-2024 06:06 AM

I can probably figure this out myself but maybe if you know the solution yourself. I'm basically catching on webhook create/order on store A and then processing it in my backend api, so i want to send the order from Store A to Store B 

 

2,151 Views
0 Likes
Report
Terms of Service Privacy Policy