Hello @EcomGraduates
Thank you for your reply. But as stated in my initial post, this is what I already have done. My question was, what is the best way to verify, that the user that will talk to my API after the code exchange, is actually part of that shop. The access code only authorizes the backend to talk to shopify, not the user. I was looking for a way to authorize the user to talk to the our backend.
But I assume, that our backend just needs to provide its own access token for the user. I just thought there is an easier solution for it using the data shopify provided.