I am developing a Thank you page extension that calls my backend API to retrieve some data from my DB. It is a custom app for one store. Still in development and not published the app yet.
I am not able to get the session token in the extension to be passed to the backend API to authenticate the request.
The sessionToken in api object is empty. useSessionToken is returning error.
Shopify AI assistant says I dont need to set the token in header as shopify will automatically inject it but it is not getting set at all in the request header.
I could not find any documentation about the limitation for Thank you page extension (Checkout UI extension) in getting session token to pass to backend API.
The useSessionToken hook is only for your app’s admin section and won’t work in a Checkout UI extension. For this storefront context, you must use Shopify’s specific authentication method for UI extensions.
On your frontend Thank You page extension, get the fetch function from the useApi() hook. When you use this specific fetch to call your app’s backend, Shopify automatically attaches a secure JWT in the header. You do not need to get or set any token yourself.
In your backend Remix API route, you then verify this token. The @shopify/shopify-app-remix package provides a specific function for this. Simply protect your loader or action with await authenticate.checkout(request). This will validate the incoming request and give you a secure session, solving the authentication issue.