Hey Shopify Community, I’m looking for pointers with customer authentication. I’m building a custom solution for a merchant and would like the merchant’s customers to be able to save additional data to their customer meta-fields or my backend database.
For example, say I want a logged in customer have the option to input their age on their profile page and then have it show on product pages. I plan to store this information in meta-fields or a custom DB, and will use some type of app for Admin GraphQL API to post.
I’m running into a roadblock when it comes to authenticating the customer.
How can I make sure when a request is summited to my app that it’s a legitimate request?
I’ve seen some options like fetching customer ID in liquid, and sending along with the request. Then the sever checks if the customer ID exists and can trust it’s legitimate. Or even saving a secret key to the customers meta-fields, then including customer ID and secret key along with requests. These would work I suppose, but isn’t true authentication.
Any pointers would be very appreciated!