Mobile app plan using Shopify Storefront API for data access, with questions on auth, payments, and social login.
Access and login: Storefront API uses a Storefront Access Token and is unauthenticated for browsing. Products/collections can be viewed without login, but customer-specific data (e.g., orders) requires customer login via customerAccessTokenCreate; enforcing pre-login for browsing must be done client-side.
Payments: In-app/native mobile checkout is possible after applying via Shopify’s form linked from the Mobile Buy SDK repos (iOS/Android). This is the path suggested instead of converting a private app into a sales channel.
Authentication: Multipass is a Shopify Plus feature. Without Plus, use email/password; social logins must be mapped to Shopify’s customer email/password on your side (no Multipass).
Follow-ups: The team chose Flutter. They asked if orders can be queried by email without login; no confirmed method was provided, and prior guidance implies this isn’t supported. Another participant requested guidance on building a similar Flutter app.
Status: Unresolved/ongoing. Key open question: fetching orders without customer login.
I am planning to develop a mobile client app using shopify storefront api as a backend. I’ve read docs and community forum and I conclude that it is possible by creating private app and enable storefront api access token. So it can be used in mobile client app to accessing data. However I have a couple of question that I want to clarify.
Unauthenticated access scope, does this mean that my users/customers don’t need to login in order to view product, view collection, checkout. if yes, how can I make it reverse, users/customers should login first in order to do all of that or at least initiate checkout? I know it is possible to configure the flow from client side but I wanna know whether it is possible from storefront api perspective?
Payment, Would that be possible to perform the payment process within the mobile client? I read some discussion that we need to convert the private app to sales channel, let’s say I don’t want to do that, what options do I have in order to perform the checkout inside the mobile client?
The storefront API itself is an unauthenticated API - this means you are not utilizing an API key / Password but instead a Storefront Access Token that can be exposed. With this access token you are able to make api calls to gather information from Shopify. To display your customers orders, you would need to have the customer login https://shopify.dev/docs/storefront-api/reference/mutation/customeraccesstokencreate?api[version]=2020-04 and get the access token. With this access token, you could access their orders to display.
Yes, you can fill out the form here for a native mobile app. This is linked on both of the repos listed above.
Multipass is a shopify Plus feature. For authentication, you would use the email / pass. If you are implementing social login, this would need to be mapped to that email/password login without multipass.
Our team decided to use flutter, a cross-platform framework to build the client and that should be okay since all of our use cases available through the storefront api.
Related to get the customer’s orders, is there any possible way to query that information without having the customer to login?, meaning we don’t need the customer/user to login to the app. I am thinking to query that information based on email, but is that available through storefront api?