Hi,
I want to know how to make sure that my app extension or normal app embed is secure and not misused by bad actors.
Let’s say I am creating a product or customer (mutation) using GraphQL on the front end. How do I make sure it will not be used?
Main issue: Ensuring security for a Shopify app extension or embedded app when performing GraphQL operations from the front end.
Context: The author considers creating products or customers via GraphQL mutations on the client side and asks how to prevent misuse by bad actors. A GraphQL mutation is a write operation that creates or modifies data.
Key question: How to secure front‑end-triggered GraphQL mutations so they aren’t abused or invoked by unauthorized users.
Status: No answers or solutions provided yet; discussion remains open with no decisions or action items.
Notes: No code snippets or attachments were included; the post is a request for best practices or guidance.