How can I secure my JSON admin API and limit access?

Hi all.

Now in my website I can export with

$orders_obj_url = 'https://xxxxx:xxxxxx@my-domain.myshopify.com/admin/api/2019-10/orders.json?order_number=1003';

but also with

https://my-domain.myshopify.com/admin/api/2019-10/orders.json?order_number=1003

How can I lock this URL? How can I block access to the JSON (free) admin and make access possible only with API and password?

Thanks

I assume you are just pasting the URL https://my-domain.myshopify.com/admin/api/2019-10/orders.json?order_number=1003 into a browser where you are already logged in as the admin; it just uses that session to return you the result.

Try doing the same in a new incognito window, or Postman; you will be prompted for credentials. If this wasn’t the case, anyone could access any store’s order details, and that would be a significant breach of privacy.

BTW, you should upgrade the API version to the latest (has nothing to do with the issue you raised, just good practice).
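
The check suggested in the answer above, written as a script (an added example, not part of the original thread): it requests the orders URL from a client that holds no browser session and reports whether the request is served or rejected. The local stub server, the `admin_session` cookie name and the `demo-key` / `demo-pass` credentials are constructed for the demo and are not Shopify's actual behaviour or values.

```python
import base64
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

DEMO_AUTH = "Basic " + base64.b64encode(b"demo-key:demo-pass").decode()  # constructed

class StubAdmin(BaseHTTPRequestHandler):
    """Constructed local stand-in for an admin API; not Shopify's server."""
    def do_GET(self):
        ok = DEMO_AUTH == self.headers.get("Authorization") or "admin_session=" in self.headers.get("Cookie", "")
        body = b'{"orders": []}' if ok else b'{"errors": "login required"}'
        self.send_response(200 if ok else 401)
        if not ok:  # this header is what makes a browser prompt for credentials
            self.send_header("WWW-Authenticate", 'Basic realm="admin"')
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args):  # keep the demo output quiet
        pass

class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # report a redirect to a login page instead of following it

def probe(url, auth=None, cookie=None):
    """GET url from a client with no stored session; return (status, verdict)."""
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    if auth:    # (api_key, password) sent as HTTP Basic, same as key:pass@host
        req.add_header("Authorization", "Basic " + base64.b64encode(":".join(auth).encode()).decode())
    if cookie:  # what a logged-in browser tab would send automatically
        req.add_header("Cookie", cookie)
    try:
        with urllib.request.build_opener(NoRedirect).open(req, timeout=10) as resp:
            status = resp.status
    except urllib.error.HTTPError as err:
        status = err.code
    verdict = "served" if status == 200 else "rejected" if status in (401, 403) or 300 <= status < 400 else "other"
    return status, verdict

def start_stub():
    server = HTTPServer(("127.0.0.1", 0), StubAdmin)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}/admin/api/2019-10/orders.json"

if __name__ == "__main__":
    server, url = start_stub()
    print(probe(url), probe(url, cookie="admin_session=x"), probe(url, auth=("demo-key", "demo-pass")))
    server.shutdown()
```

To check a real store, call `probe()` with the store's URL and no other arguments; a "rejected" verdict means the endpoint is not open to anonymous requests.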

Thanks!!!